Fun With Identity Theft

Identity theft is no laughing matter. Unless the new identity is so patently absurd, and yet demonstrates how easy it is to concoct a new you in this day of proliferated technology. Check out the Norton Today ID Maker for a fun spin on all this. And read the full article below.

id maker intro

id maker intro

id maker work area

id maker work area

Identity Theft Gets More Personal

Consumers are increasingly letting the online world into their confidence. The amount of personal information shared in blogs and vlogs, resumes, pictures of friends and family, PayPal™ transactions, Facebook™ bios, even tweets about what you just had for lunch, mark a collective new level of online over-share. The vast majority of this activity is harmless, safe, and downright fun.

But as social networking and modes of communication proliferate, so do opportunities for scammers to glean bank numbers, birthdates, passport information, and even lunch recommendations. Meantime, scammers are getting increasingly subtle and sophisticated in their approaches. Gone are the days of the widespread virus-starter seeking a moment of fame. Phishing and vishing “artists” too, are fading as consumers become increasingly aware of the wide nets they cast. Today’s identity thieves are getting much more personal. Their approaches use more information specific to you, and target you more unobtrusively through new transmission methods.

Many recent online scams have played on the fact that we trust that the person on the other side if the connection is legit. As opposed to regular phishing attempts, where emails attempting to get personal information are typically distributed en masse, “spear phishing” is an attack aimed at specific targets.

“We’ve had a handful of [spear phishing] cases,” said Jay Foley Executive Director of the non-profit Identity Theft Resource Center in San Diego, CA. “One of the most interesting was a high tech company attack.”

In this particular spear phishing attack, said Foley, somewhere between 200 to 2,000 CEOs received an email claiming to be from the United States District Court in San Diego. The email said that the company was being subpoenaed to testify before a grand jury in San Diego in 48 hours and that more information was contained in an attachment.

Understandably, nobody thinks an urgent subpoena is a joke; ditching a grand jury subpoena could get you in serious legal trouble. So some of the CEOs did what was natural: they opened the attachment. But, as Foley explained, “You click on the attachment and it launches a Trojan horse application that sends out all sorts of information.”

Earlier this year, phishers spammed inboxes with messages claiming that there was a problem with the recipients’ iTunes™ account. A link in the email opened a fake iTunes billing update Web page, which asked for a Social Security number, credit card number with security code, and mother’s maiden name. The page was so poorly-designed that seeing it would’ve sent Apple™ CEO Steve “I Hate Buttons” Jobs into convulsions, but imagine an unsuspecting teenager getting the email and freaking out over losing his precious Radiohead tracks.

Similar attacks have been reported by job seekers excited by receiving targeted emails about opportunities for which they are especially well suited. The excitement turns to suspicion when the fictitious employer asks for unusual information, such as their cell phone carrier or social security number.

So who’s making the attacks, and where do they come from?

“We know two things about them,” said Foley. “First, they’re breathing. Second, they know how to use a computer.” Unfortunately, the anonymous nature of the attacks makes it difficult, if not impossible, to find out who is behind them. Remember, the new breed of scammer is not looking to get famous – they’re looking to get rich.

The Associated Press reported recently that 27-year-old Michael Tyrone Thomas was arrested in Texas for allegedly stealing a computer file with the names and Social Security numbers of 1,132 University of California, Irvine students. Thomas was working for an office that handled the health insurance policies for the university’s graduate students. According to police, Thomas then filed fake tax returns for 163 of the students.

Many of the scams originate from outside of the U.S., according to Foley, the majority of them from Nigeria, Romania, Indonesia, and Russia. While it may not be possible to know who carries out all of the attacks, Foley said that the scams themselves tend to have a few common characteristics.

First, there’s a sense of urgency. They say that “your account will be frozen in 24 hours,” or “unless you do this, the FDIC will freeze your bank account because of irregularities. You have until midnight to respond.”

Second, there’s a great motivation to respond, like keeping your bank account open, or being able to access your downloaded music. Or, in the case of subpoenaed CEOs, not going to prison for skipping out on a mandatory court appearance.

Third, and this is probably key in detecting scams, is that they don’t make a lot of sense. If anybody is going to receive a court summons, they’re going to be served in person, not by email. And places like your bank, Ebay™, or PayPal™ already have your credit card number, so they have no need to ask for it again. They also know your name, so no email from a legit online company will begin with “Dear Sir,” “Customer,” or any generic title.

Aside from defending yourself against these new approaches to glean your information, consider the new means of transmission available that may expose you to thieves.

Many cell and smart phones are now connected to the Internet and just as vulnerable as any computer. So, by extension, are their Bluetooth devices. Keeping personally vigilant while using these devices, including making sure security updates are current, is important. This is why Apple recently drew ire for lagging behind in providing security patches for over 13 documented vulnerabilities in the iPhone™, including code execution holes in Safari™, that left users improperly protected from malicious sites and malware.

Wireless transmission offers another increasing threat. If you’re using the free wi-fi service at the nearest greasy spoon, be wary of sending sensitive material. Thieves have been known to park their cars near free hot-spots, gleaning information.

Even RFID (the little chips embedded in modern credit cards) theft is on the rise as it becomes more common for payment cards and passports. Identity thieves can purchase small RFID receivers online, reprogram them using instructions downloaded from YouTube™, and steal information by getting within 10-50 cm of your wallet.

In this new and more social world of online interaction, where your life is online for all to see and new devices help you put yourself out there more conveniently than ever, it can be more difficult to tell the friends from the foes. Thieves are likely to either seem like they know you, or to never have any interaction with you at all, and more rarely fall somewhere in between. The best advice is to remember that, while it’s perfectly safe to share what you had for lunch with the world, there are still a few pieces of personal information best kept personal.

~ by joshuakelly on November 17, 2008.

%d bloggers like this: