Identity theft begins when someone takes your personally identifiable information (PII), such as your name, Social Security number (SSN), date of birth, or home address, without your knowledge or permission for their personal financial gain.
Identity theft has become a nightmare for all of us. Organizations and institutions are investing heavily in identity management and in the prevention of breaches and theft. As individuals, we need to understand the different techniques criminals use for identity theft so that we can not only raise our awareness but also prevent it from happening. I will go into detail on the most common ways of theft and shed light on prevention steps.
Hackers and criminals use so many techniques that it helps to categorize them into offline (non-technical) and online (technical) identity theft attacks. Let us find out how these attacks are carried out and how we can prevent them.
Offline or non-technical attacks
Mail theft: This is when a thief targets your mailbox and searches through your mail for paperwork that may have sensitive personal identification information on it. Government files and pre-filled credit card applications are just a few of the items that may be targeted. Identity theft criminals have, at times, been known to redirect your mail by submitting a change of address to the post office.
Prevention: You should monitor your mail regularly. If you suspect that someone has been taking mail out of your mailbox, contact the post office immediately. Do not leave your mail in the mailbox for extended periods. Use a locking mailbox if possible, or rent a box at the post office. If possible, receive your bills and make payments online.
Dumpster Diving: Criminals will go through your trash looking for utility bills, credit card bills, medical insurance paperwork, bank statements and other personally identifiable information. This crime is surprisingly common.
Prevention: You should shred everything with a cross-cut paper shredder before disposing of it. Another method is to go paperless by receiving statements and making your payments online. Keep track of your credit report and report any discrepancies to your credit card company and the credit bureaus.
Social Engineering: Social engineering is the practice in which highly skilled criminals or actors, whether in person, over the telephone, or by computer, deceive someone into divulging sensitive information. Usually, social engineers know some information that leads the victim to believe they are legitimate and to give the information asked for. Pretexting is also part of social engineering.
Prevention: The best approach is to stay diligent. Do not give out any personal information to anyone you do not know. If in doubt, do not be afraid to obtain the person’s contact number; let him/her know that you will call him/her back. Verify the person’s identification. Also verify with others, or with the company the person is representing, that such information is really needed.
Shoulder surfing: The criminal attempts to get close enough to you so that when you enter password information, such as a PIN at an ATM, the thief records the password. Although this typically occurs in a public setting, where the victim and their credentials are in plain sight, it may also occur through a video camera set up by the criminal.
Prevention: You
should be aware of your surroundings when you are accessing any accounts that
require you to enter a password or PIN in public. If someone stands too close
to you, do not be afraid to ask the person to move back. If he/she is not
willing to do so, let the person go first. Remember, it is better to be safe
than sorry. If you do not feel safe, leave the place immediately.
Old-Fashioned Stealing: Criminals target wallets and purses, mail, bank and credit card statements, pre-approved credit offers, new checks, tax information, and personnel records, or they bribe employees who have access.
Prevention: Limit the amount of personal information you carry with you. Do not carry your Social Security card, blank checks, old deposit slips, or any information that may contain your login and password information. Women are advised to keep their purses closed and secure at all times. Carry your purse close to your body, with the bag in front so that you can keep it within your sight.
Online or technical attacks
Social Networking: Criminals regularly search social networking sites to steal personal information like name, date of birth, address and other information that they can use to commit fraud.
Prevention: You should be careful when posting on social networking sites such as Facebook and Twitter. You should avoid listing your personal information on these sites. Always use the privacy settings of the social networking site.
Skimming: Criminals steal credit/debit card numbers by using a special storage device attached to ATMs. The device reads the magnetic stripe on your card, and thieves use the captured data to commit fraud.
Prevention: Make
it a habit to periodically check your credit reports. This helps you discover
if anyone made unauthorized purchases or has stolen your identity to access
your bank accounts or open other lines of credit in your name. Try to minimize
credit transactions and use cash instead.
Pretexting: Criminals use false pretenses to obtain your personal information from financial institutions, telephone companies, and other sources. This is when a thief dupes their victim into giving up personal information by playing the “con game.” Whether by phone, in person or over the internet, they will use a piece of information they already have about you to make themselves seem legitimate. Criminals will call you on the telephone and make you believe they are a business that requires this information.
Prevention: Verify who you are speaking to. Ask for a callback number, and question why they need this information. Look up the telephone number of the company the individual says he/she works for, and call the company. See also Social Engineering.
Man-in-the-Middle: Criminals intercept communication between two parties and record the information without the knowledge of either party. Criminals use this information to steal personally identifiable information.
A common scenario: you search for the URL of a company, say http://mybank.com, and click the link in the results to access the website. When the website appears on screen, however, you do not notice that the URL has changed to something like http://badguys.com/http://myvictim.com. The link has redirected you to the criminal’s website, and any information you enter there is now recorded by the criminals.
Prevention: You should be more diligent when accessing a website from web search results. Always check that the website address is legitimate by verifying the URL in the address bar. Do not create or enter information such as login details if the website is not “https”.
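The address-bar check described above can be written down as a few rules. The following is an added example, not part of the original post: the function name check_url, its expected_host parameter and the warning codes are assumptions made for illustration, and all sample addresses other than the two taken from the post are constructed.

```python
from urllib.parse import urlsplit


def check_url(url, expected_host):
    """Return warning codes for an address; an empty list means it passed."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    expected = expected_host.lower()
    warnings = []

    # The post's rule: do not enter login details unless the site is https.
    if parts.scheme != "https":
        warnings.append("not-https")

    # Only the host part decides which server you reach. Accept the expected
    # host itself or a real subdomain of it (www.mybank.com), nothing else.
    if host != expected and not host.endswith("." + expected):
        warnings.append("wrong-host")

    # Text before '@' is user info, not the site name.
    if parts.username is not None:
        warnings.append("userinfo")

    # A second URL after the host is just data handed to that host.
    if "://" in parts.path or "://" in parts.query:
        warnings.append("embedded-url")

    return warnings


# Constructed sample addresses; only the first two come from the post.
SAMPLES = [
    "http://mybank.com",
    "http://badguys.com/http://myvictim.com",
    "https://www.mybank.com/login",
    "https://mybank.com.badguys.com/login",
    "https://mybank.com@badguys.com/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_url(url, "mybank.com") or "ok")
```

An empty result only means the address matches the site you expected and uses https; it says nothing about whether that site itself is trustworthy.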
Phishing schemes: Increasingly popular now that almost all business is conducted via the internet, this crime is committed when hackers access files on your computer that could contain the keys to your identity. By pretending to be financial institutions or companies, criminals can send spam or pop-up messages to get you to reveal your personal information. These attacks occur in a number of ways: cell phone texting, social networks, emails with or without attachments, SMS and standard mail in your mailbox.
- Malware based: Criminals attach harmful computer programs to emails, websites and other electronic documents on the internet, such as PDF, DOC, XLS, PIN or JPEG files. Criminals will make you feel that these emails are from a legitimate person, company or organization that you know.
- SMShing: Criminals also send spam text messages pretending to be financial institutions or other legitimate organizations. These text messages carry a sense of urgency that may lead you to disclose your personal information by clicking on the link that appears in the text message.
- Vishing: This is also known as “voice phishing”. Criminals often contact you over the telephone, pretending that the call is from a legitimate organization or government agency. You may have received calls or voice messages pretending to be from the IRS about a serious audit issue that could lead to arrest by the FBI.
- Spam based: In this type of attack, criminals, known as spammers, send repeated spam emails to you. These emails offer you scholarships, free products, business partnerships, etc. Spammers also pretend to be a financial institution or organization you might belong to.
- Spear phishing: This attack is similar to email spamming, but it targets businesses. Criminals or spammers send emails to almost every employee of the organization, and the emails can be written to look as if they were sent by a division within the organization.
Prevention: Protect yourself by contacting the security administrator or help desk in your organization. Do not reply to the email. Do not open any attachment. Do not click any link provided in the email. If you accidentally open the attachment or click the link, immediately notify the security team for further investigation. Be cautious when downloading or installing programs from the Web. Do not fall into the trap of free games, movies or software on the internet.
Check out the websites www.antiphisihign.org or www.spamhaus.org, which contain an active list of phishing schemes or allow you to check whether a website is suspected of phishing.
Network and system administrators: if you are a fan of free tools for doing your job, always check whether the downloaded file is legitimate. You can check it at www.virustotal.com.
Employment scams: These scams advertise a bogus job with a high salary and benefits compared to what other companies offer for the same job. The criminal’s website will ask you to enter personal information such as your SSN in addition to other personal information.
Prevention: Do not fall into the trap, and always verify that the posting company is legitimate. Research the company before submitting any information or downloading an attachment. If you are not sure, just avoid it. Never give out personal identification information without knowing whom you are dealing with.
A resource for finding out whether a website is legitimate is www.scambusters.org. This website contains reviews of websites along with a message board.