Internet Identity Theft
With the first spam message being delivered into an unwary victim’s email account, identity theft has jumped online. Viruses and Trojans used to be the best way to capture your information, but with widespread anti-virus software and fewer security holes in computers, the most common way to steal your information now is through a technique called phishing.
Phishing for your information
Phishing is by far the most prevalent form of computer identity theft. Basically, a thief casts the bait - usually an email, but also voicemail, instant messaging and fax - and waits for a bite. In this case, the bite would be you, a (hopefully for them) unsuspecting website user.
An email is sent to your inbox, disguised as a legitimate document from your financial institution. It can be as simple as a letter saying they are from your bank, to an html email with logos and graphics stolen from a real company. Usually, the email will state you need to sign in to your account to verify your identity, or your account information is about to expire and you need to login before losing your information. There will be a link below, which looks like the company name. However, the website address that is shown in the email is not the address used in the underlying programming.
When you click on the link in the email, you are sent to a website that could look exactly like your bank’s website. This is easy to do - a criminal simply has to save a copy of the real page and paste the html and the graphics onto the fake site. Once you enter your information, your login and password is recorded. You may even be redirected to your real bank’s site, to make it look like nothing unusual has happened.
What does the thief do once they have your login and password? Anything they want. They will log into your bank account and record your account information, balance, and all your personal information. This can even be done using an automated program in seconds, so a real person doesn’t even have to do it. The program can then quickly transfer all your funds out of your account to a shadowy bank account. They can also change your password, effectively locking you out of your own account. They can then use your personal information to apply for credit cards and loans from another bank, effectively ruining your credit.
Between 2004 and 2005, 1.2 million computer users had their information stolen in this way, totaling nearly $1 billion in financial loses (Gartner Research). Most of this money was recoverable through business insurance policies that refund any lost funds back to the victims, but everybody pays with higher insurance fees.
How to Combat This?
It would be easy to say to not respond to any email asking for your personal information. In fact, it is that easy. All financial institutions know, or should know, the huge prevalence of email scams. They have responded by informing their clients that they never send out emails asking for personal information, and warning clients of scams targeting clients.
If such an email appears in your inbox, there are several cues to look for. Are there any spelling mistakes? A large percentage of fraudulent emails originate from non-English speaking countries. Also, does the email have your actual name on it? Usually it will be addressed to “Dear bank account user,” or something similar to that effect. Be suspicious of emails without specific personal information, and if it does, and it is clearly a phishing attempt, then the criminal may have stolen some of your information from somewhere else!
Another way to find out if the email is real is to not click the address in the email, but to actually type in the website address yourself, into the URL address box near the top of your browser window. When in doubt, simply phone the institution the email supposedly came from and ask if they did indeed send out this email.
Spam filters, anti-phishing software and virus checkers also help weed out phishing attempts. Several states and federal governments have enacted laws to arrest people suspected of sending phishing emails and creating fake websites, with hundreds of lawsuits and arrests being made. If you are protected with a credit monitoring service, you will know within the day if you a victim.
Phishing will probably decline as more people are aware of their existence and government crackdowns are enforced. Don’t think that’s the end, though - criminals and hackers are crafty by nature, and newer techniques (such as pharming and malware) will always replace an older method to try and capture your personal information.
Subscribe to this site
Email This Page
