Friday, May 29, 2009

Phishing: An Online Identity Theft Scam









When I hear the word phishing, I imagine early dawn, a still morning and a smooth lake with not a single ripple. But outside the nature world -- and inside the world of computer security -- phishing is online identity theft. This process was described in 1987 and defined and recorded as 'phishing' in 1996 with one sole purpose: to bait innocent victims and catch their passwords, usernames, credit card information and any other financial details.

Con artists have been around since the beginning of time. We've all heard the stories of strangers stepping into the shoes of long lost relatives and making claim for crowns or large sums of money, but now we're in the internet age and the story -- with a similar theme -- has unsuspecting online consumers as its main characters. One of the more recent phishing scams involves the social networking sites. Facebook users beware because if you're one of those users that re-use passwords, then Facebook may be your downfall. Many of us use the same password for every website, meaning if were lured to phishing sites from our facebook account, hackers can also potentially gain access to our Amazon, PayPal and eBay accounts. Read the full story here: Facebook Attacks Threaten All Web Sites

According to the APWG (Anti-Phishing Working Group), these types of crimes are on the rise with crimeware-spreading sites infecting PC's with password-stealing crimeware increasing 827% from January 2008 to December. Phishing schemes are gaining sophistication and sometimes for the everyday online consumer it can be overwhelming. The Anti-Phishing Working Group web site gives up-to-date reports on the latest phishing schemes authorities have uncovered.

There are some steps we can take to protect ourselves from these types of scams.

  • Never give out personal information, including financial, via an email request. Remember the purpose of this is to gain your name, username, address, phone number, password, bank account number, credit card number, CVC code or social security number. Regular e-mail messages aren't encrypted so it's similar to sending a postcard. Be suspicious of email messages requesting this kind of information or even those messages asking to update or confirm such details. And don't call numbers listed on email messages, but rather get the phone numbers from statements. Never click links on suspicious emails or copy and paste links from messages into your browser, but instead you type the URL into your browser or use your Favorite Links.
  • Use secure websites. Ones that you know and trust to submit personal information -- established companies with good reputations and privacy statements where they state that they won't pass on your personal information to others. And make sure these web sites use encryption.
  • Continually monitor online transactions. Review bank and credit card statements and report anything suspicious by calling the number on your account statements. Use credit cards for online purchases, even those with a small credit limit. Debit cards are connected to your bank account and credit cards with high limits only give the thief more money.
  • Use strong passwords, changing them often. Don't use real words, but rather combinations of numbers, uppercase and lowercase letters, and symbols so it's difficult for hackers to guess.
  • Protect your PC. Make sure all your security patches are installed and your browser is up to date. Use a firewall, antivirus software, anti-spyware, and even anti-phishing software.

So if this information does get into the wrong hands, what will the thieves do with it? Identity theft is common and the hacker can now apply for credit in your name, empty out your accounts, max out cards, transfer money from your investments into your checking account and then use a copy of your debit card to take it all.

These identity theft scams are continually growing in sophistication on the internet, so be aware, protect yourself as best as you can, and be prepared with identity theft services for recovery and even prevention.

Friday, May 15, 2009

Identity Theft & Traveling: What You Need To Know

The summer is fast approaching and it may be time to start thinking travel plans. Whether we go near or far, we must be aware of identity theft. In 2007, over eight million people in the United States were victims of identity theft which resulted in almost fifty billion dollars of fraudulent financial charges as quoted by the Javelin Strategy and Research Survey. That number has most likely increased over the last year. Of those victims, a significant portion was business and holiday travelers.


When I travel it's a time to relax, get away from my routine and responsibilities, and enjoy some fun with my family. So, like most people, I let my guard down. Travelers are walking targets to the thief. So perhaps we're not donning the binoculars, loud hats and colorful shirts, but we are travelers nonetheless and to crooks we're quite obvious. These pickpockets lurk in crowded airports, hotel lobbies, bus and train stations, special events -- anywhere a victim is relaxed and seemingly unaware. Our wallet in a back pocket is an invite to these kinds. Besides the obvious stolen wallet, there are other ways our identity can be stolen when traveling. Crooks are becoming smarter -- more technically savvy -- so it's critical we stay one step ahead. We need to be cautious with our laptops and our usage of internet cafes. Rather than finding ourselves in such a situation, prevention is really the key and then leisure or business can follow. So what are some things we can do?

  • Before you even travel, hold mail and newspaper delivery. A pile of newspapers is an open invitation and bills and credit card offers contain all of your information.
  • Go through you wallet. What do you really need? Take out all personal information items that aren't crucial, such as social security cards, memberships, receipts, check books, bills etc. Lock these up in your home -- identity theft can occur at home also by a house sitter or burglar.
  • Carry a fanny pack. Traveling through a crowded airport, trying to get from one point to another can be an arduous task. Carry your credit cards and other personal information with you in your fanny pack. It's much harder to nab someone's fanny pack strapped firmly to their body than a wallet peeking from a pocket. Don't leave these items in checked luggage either. Lost luggage seems more common than in the past, even if it's just for a day.
  • Pay your bills before you leave. Bills lying around in hotel rooms are easy targets for identity crooks.
  • Even open a separate account before traveling and only put in it as much money as you'll need for your holiday. Bring that one debit card with you -- not one linking to all your savings back home.
  • Bring a couple of credit cards with you. These are protected by Federal law and so fraudulent charges are generally covered. Make sure they haven't expired and you can even purchase prepaid cash cards from Visa, American Express or Mastercard. Have a list of the credit cards you brought with you easily available so that you can report the information stolen and set up fraud alerts with the credit bureaus. You can even sign up for identity theft services which can provide continual credit monitoring among other preventative measures and recovery programs.
  • Use the ATM machines available in banks. There is a threat of fake ATM machines in popular tourist areas so be safe and go to the bank.
  • Leave passports, major cards, and any other personal information that's not necessary on a day to day basis in your hotel room safe.
  • Bring a copy of important documents and also store these in a secure and separate place. You'll definitely want a copy of your passport.
  • Keep an eye on your laptop at airports, hotel lobbies and restaurants. Thieves can access personal information when laptops are unattended -- they don't even have to steal it and then the traveler is clueless. Back up your laptop before you leave and put this disc in a safe place at home or in a safety deposit box. Write your name, destination address and any other relevant contact information on a piece of paper that’s taped to your laptop in case it's inadvertently left behind. Use caution here though and use your work address and phone number.
  • Be on guard when using public computers. Key stroke loggers could be installed but generally business centers located on cruise ships and hotels are safer than other public computers.

Stealing someone's identity is not just about having your credit card stolen while the thief enjoys a shopping spree. No, this criminal can then open new credit cards, new accounts, get new loans and then not pay them, leaving 'guess who's name' on the credit report? The worse case scenario is getting arrested for crimes you've never committed. Rather than becoming paranoid, apply the steps listed and be prepared. Preparation and prevention are the two crucial keys in protecting your identity. If a worse case scenario does occur, identity theft services can help with the recovery process along with preventative steps. Travel with confidence this summer season, knowing you've done all that you can do.