Many people - especially young people - believe that because they don\'t have a lot of money or assets themselves they don\'t have to worry about criminals bothering them. This is an erroneous and dangerous assumption. Sometimes your good name is exactly what a crook is looking for.
Next to cash, a crook\'s most valuable asset is a good and real financial identity. Many crimes require the use of an unblemished identity, and for that reason they\'ve become a major black market commodity.
There are usually two sets of crooks involved with identity theft: the one who steals and then sells your identity, and the one who buys and uses it.
There are two general categories of Identity Theft
- Account takeover - This is when crooks take over your bank accounts. The person gets the information needed to convince the bank that they are you, and the bank gives them access to your money or line of credit. This can include all of the information associated with your account: account numbers, card numbers, passwords, PINs, security codes, social security numbers and other personal information.
- True-name fraud - This is when crooks get the personal information they need to establish an account in your name, such as a credit card, a new bank account, renting or buying a property, obtaining medical insurance, or establishing a utility service. You may never know about these accounts until they become delinquent and the collection agency comes calling, or you\'re refused a loan because of "unpaid debts" you never knew you had, or until you\'re arrested because there\'s a warrant in your name. Or perhaps you\'re mistreated during an emergency medical situation because your medical records show the records of the criminal rather than yours. While some of this may seem unbelievable, all of these scenarios happen all too often.
Whether you lose money outright or you have to straighten out the disaster a crook has made of your life by using your name to commit crimes, you are a victim of fraud. Don\'t let this happen to you: be vigilant when anyone (even friends or family members, who are - sadly - often involved in identity theft asks for any personal or financial information from you at any time, for any reason. Sound paranoid? That isn\'t such a bad thing these days. When it comes to identity crime, you\'re better safe than sorry.The "Ishings" - Phishing, Vishing and Smishing.
With the advent of digital services, cybercriminals have created devious new ways of stealing victims\' personally identifiable information (PII). The terms used to describe this type of fraud follow a fishing theme (i.e., baiting a hook and casting a line in the water, hoping to lure fish to bite). First seen in emails, the technique has evolved, using the same basic bait-and-hook technique, customized as needed to work through phone and text messaging services.
PII is no longer the only thing at risk to an "ishing" attack. It is also used to lure victims to web sites where their electronic devices can be infected by Trojans or viruses. To add insult to injury, these techniques are only successful if the victim voluntarily complies with the crook\'s request, not recognizing that these requests are illegitimate.
To avoid becoming a victim, don\'t respond to these directives immediately. Question all unexpected requests for PII, instructions to call unrecognized phone numbers or directions to click on links. Contact authentic organizations through other channels and make sure the contacts and requests are legitimate before responding.
- Phishing - Fraud operators bait victims by sending emails that appear to be from a reliable source, asking the recipients to respond to the email in various ways, e.g., send a return email with information or click on a link in the email. Those recipients who respond become victims. Able to send a large number of phishing emails in mass distributions, the crooks need only a small percentage of recipients to respond in order to make it a worthwhile catch.
- Example: Victim receives an email from his bank telling him that he needs to update his password immediately or risk having his online banking service shut down. The victim clicks on the link in the email, which takes him to a fake ("spoofed") bank site where he is instructed to enter his username and current password. He complies and in so doing, gives the fraud operator his on-line banking login information.
- Vishing - Since Voice of Internet Protocol (VoIP) technology became available as an option to traditional telephone services, criminals recognized an opportunity to collect victims\' numeric PII (e.g. credit and bank account numbers, PINs, security codes, SSNs, dates of birth) through their telephone devices, by creating the illusion that they were interacting with a legitimate organization.
- Example: Victim receives an automated phone message that there is a suspicious transaction on her credit card account and to please call a number to confirm the transaction is legitimate. The victim calls the phone number given and is asked to enter her credit card number and security code on the key pad so she can be "authenticated" as the real customer, which is how the crooks get her card information for future fraudulent transactions.
- Smishing - It wasn\'t long before smart phones and texting became a popular communication channel, and with it, scoundrels saw the chance to use SMS - Short Messaging Service - to convince texters to respond to fraudulent texted communications.
- Example: Victim receives a text message that he is about to be charged for a service the victim never ordered. He is told that he needs to contact the company immediately to cancel the order or be responsible for the charge. The text includes a hyper-link, which the victim clicks on, taking him to a fake website that triggers the download of a program that breaches the security features of his phone.