The following was originally published 4 October 2010. In light of the Epsilon data breach, Prattle is republishing.
According to the 2009 Verizon Business Data Breach Investigations Report, 285 million consumer records were compromised in 2008, more than the previous four years combined. As more consumers come to rely increasingly (and blindly) upon mobile phones for banking and other financial transactions, Internet and mobile phone scams have become a billion-dollar enterprise. The bad news is that the continued emergence of sophisticated fraud techniques promises that data breach statistics will continue to increase exponentially. The good news is that most breaches are avoidable provided that the proper precautions have been taken. By keeping yourself informed of how criminals operate, you will mitigate the risk of becoming the next victim.
Let’s begin with the basics. Back in the day, the practice of obtaining confidential information fraudulently was referred to as social engineering. Old skool hacker, Kevin Mitnick, was the poster boy of this con. Unsuspecting individuals and businesses were contacted via telephone, and, if the criminal was smooth enough, he was able to pass himself off as a repairman or some other person who was entitled to sensitive data.
Back then, individuals and businesses were about as technically savvy as a box of rocks and so conning them out of confidential data was as easy for people like Mitnick as it is now for Wall Street bankers to purchase a politician. But social engineering has long since gone from a mere computer hack and telephone con to phishing, vishing and smishing.
Types of Scams
Phishing << A well-known computer phish is the Nigerian advance-fee email scam. A phish is essentially an attempt to acquire sensitive data such as credit card and bank account numbers via email.
This popular tactic is favored by criminals and is designed to harvest your data fraudulently by spamming you with email that appears to be from your banking institution and/or credit card company. The email contains a link that the hapless victim believes will take him to his account, but the reality is that the URL is a redirect to the criminal’s own website that was created for the express purpose of fooling you into revealing your username and password.
A good way to head off this scam is to be sure that you know your financial institution’s security practices and policies before you click on a link within a questionable email. Because computer phishing is a regularly occurring activity, it won’t be difficult to find the Fraud Information section on your financial institution’s website. The FTC also has a very good primer on ID theft found here.
Vishing << (Voice + phishing = Vishing) Vishing is a form of phishing, except that victims are contacted via a live or automated phone message in an attempt to lure them into providing confidential data so the criminal can then use it to log into the victim’s account and transfer money to himself. Here is an actual vishing attempt recorded by a well-known bank that has been recently hit by vishing attacks.
You can learn to protect yourself from vishing attacks by reading more here.
SMiShing << (Short Message Service [texting] + phishing = SMiShing) Another form of phishing, smishing uses cell phone text messaging to deliver the bait to get you to disclose your personal information such as account number, SSN, CVV code, PIN & other info. The method used to capture your data is usually a website URL, but it has become common practice to send the victim a phone number that connects to an automated voice response system.
Once you call the number provided, you’ll hear a message along the lines of “Notice: This is an automated message from (your financial institution’s name here) that your (name of card) has been suspended. To reactivate this card, please enter in your account number and password.”
This information is then used to create a duplicate credit and/or debit card.
Of course, if you’re banking with Farmers & Merchants bank and you receive a text message from UBetcha We’re Too Big To Fail bank, then this particular SMiSh will in all likelihood result in you scratching your head and wondering WTF. But if you actually do bank with UBetcha, then you may believe the text message is legit.
Learn more about how to protect your phone here.
What You Can Do
While it’s not possible to anticipate and/or prevent every attack, knowing how criminals operate and the ruses they use to fleece unsuspecting consumers is a big step toward avoiding having your identity stolen. In addition to reading this website, the FTC also has an informative page that will help ID popular scams that you may encounter.
Update – The Thriving Fraud Economy Marches On
If you’ve been receiving email notifications regarding a database breach for various brands, it’s because Epsilon, the world’s largest permission-based email marketer, was hacked. So far, the breach seems to include names and email addresses but no financial information; be advised, however, that you are not safe. From here on out, you can expect to see a whole lot more scams (such as those referenced above) to get you to disclose your confidential data.
Click here for the most current list of Epsilon’s clients for 4/4/2011.
©2010 Peyton Farquhar™ and Prattle On, Boyo™. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Peyton Farquhar™ and Prattle On, Boyo™ with appropriate and specific direction to the original content.