Prattle Encore|The Thriving Fraud Economy

The following was originally published 4 October 2010.  In light of the Epsilon data breach,  Prattle is republishing.

According to the 2009 Verizon Business Data Breach Investigations Report, 285 million consumer records were compromised in 2008 –more than the previous four years combined.  As more  consumers come to increasingly (blindly) rely upon mobile phones for banking and other financial transactions,  Internet and mobile phone scams have become a billion dollar  enterprise.  The bad news is that the continued emergence of sophisticated fraud techniques promises that data breach statistics will continue to increase exponentially.  The good news is that most breaches are avoidable provided that the proper precautions have been taken.  By keeping yourself informed of how criminals operate, you will mitigate the risk that you will become the next victim.

Let’s begin with the basics.  Back in the day, the practice of obtaining confidential information fraudulently was referred to as social engineering.  Old skool hacker, Kevin Mitnick, was the poster boy of this con. Unsuspecting individuals and businesses were contacted via telephone, and, if the criminal was smooth enough, he was able to pass himself off as a repairman or some other person who was entitled to sensitive data.

Back then, individuals and businesses were about as technically savvy as a box of rocks and so conning them out of confidential data was as easy for people like Mitnick as it is now for Wall Street bankers to purchase a politician. But social engineering has long since gone from a mere computer hack and telephone con to phishing, vishing and smishing.

Types of Scams

Phishing <<  A well known computer phish is the Nigerian advance fee email scam.  A phish is essentially an attempt to acquire sensitive data such as credit card and bank account numbers via email.

This popular tactic is favored by criminals and is designed to harvest your data fraudulently by spamming you with email that appears to be from your banking institution and/or credit card company.  The email  contains a link that the hapless victim believes will take him to his account, but the reality is that the url is a redirect to the criminal’s own website that was created for the express purpose of fooling you into revealing your username and password.

A good way to head off this scam is to be sure that know your financial institution’s security practices and policies before you click on a link within a questionable email. Because computer phishing is a regularly occurring activity, it won’t be difficult to find the Fraud Information section on your financial institution’s website. The FTC also has a very good primer on ID theft found here.

Vishing << (Voice + phishing = Vishing) Is a form of phishing except victims are contacted via a live or automated phone message in an attempt to lure them into providing confidential data so the criminal can then use it to log into the victim’s account and transfer money to himself.  Here is an actual vishing attempt recorded by a well known bank that has been recently hit by vishing attacks.

You can learn to protect yourself from vishing attacks by reading more here.

SMiShing <<  (Short Message Service [texting]+ phishing = SMiShing) Another form of phishing, smishing uses cell phone text messaging to deliver the bait to get you to disclose your personal information such as account number, SSN, CVV code, PIN & other info. The method used to capture your data is usually a website URL, but it has become common practice to send the victim a phone number that connects to an automated voice response system.

Once you call the number provided, you’ll hear a message along the lines of “Notice:  This is an automated message from (your financial institution”s name here) that your (name of card) has been suspended. To reactivate this card, please enter in your account number and password. “

This information is then used to create a duplicate credit and/or debit card.

Of course, if you’re banking with Farmers & Merchants bank, and, you receive a text message from UBetcha We’re Too Big To Fail bank, then this particular SMiSh will in all likelihood result in you scratching your head and wondering WTF.  But if you actually do bank with UBetcha, then you may believe the text message is legit.

Learn more how to protect your phone here.

What You Can Do

While it’s not possible to anticipate and/or prevent every attack, knowing how criminals operate and the ruses they use to fleece unsuspecting consumers is a big step to avoiding having your identity stolen. In addition to reading this website, the FTC also has an informative page that will help ID popular scams that you may encounter.

Update – The Thriving Fraud Economy Marches On

4/4/2011 >>

If you’ve been receiving email notifications regarding a database breach for various brands, it’s because Epsilon -the world’s largest permission-based email marketer- was hacked. So far, the breach seems to include names and email addresses, but no financial information, but be advised that you are not safe.  From here on out, you can expect to see a whole lot more scams (such as the above referenced) to get you to disclose your confidential data.

Click here for the most current list of Epsilon’s clients for 4/4/2011.

©2010 Peyton Farquhar™ and Prattle On, Boyo™. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Peyton Farquhar™ and Prattle On, Boyo™ with appropriate and specific direction to the original content.


4 Responses to Prattle Encore|The Thriving Fraud Economy

  1. Brent Allard says:

    Great post Peyton! The scammers can be pretty slick and even smart people get taken (I’ve known a few) Great information to get out there!

  2. Lisa Brandel says:

    Great and timely post. It is so easy to get sucked in just a moment of not thinking you can royally screw up your life in a big way. Thank you for this thoughtful and intelligent post!

  3. Thx for the feedback, Brent & Lisa. Crime moves as quickly as technology does so it’s a little hard to keep up with all the scams out there. And with more consumers using their cell phones for global transactions, I wanted to draw attention to the pitfalls.

  4. THREE says:

    great informative post. There should be a ‘reality show’ on the idiot box (i.e. TV), an Apprentice-like best-scammer/hacker ‘contest’ that exposes the new tactics that keep coming up… now that’d be something to watch. Something useful for a change.

Please note comment(s) that do not comport with policy will be held in the queue.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: