May 2006 Newsletter
Internet Identity Theft -- One of the fastest growing Crimes
For 5 years straight, the FTC has ranked Internet ID theft as one of the most reported types of fraud and there are NO signs of it slowing down. It’s responsible for over 40% of all fraud complaints and last year approached a cost of nearly $300 million dollars. Identity theft is a problem that goes far beyond simple credit-card fraud (against which consumers are fully protected, thanks to zero-liability laws and other regulations). True identity theft is when a person’s entire identity is taken over, and for that to happen a scammer needs more information than is found on a debit or credit card. All too often consumers unknowingly, naively and carelessly provide their vital proprietary information by surfing and using computers whose security is breached by virus and spyware infections.
One of the leading causes of ID theft is falling prey to ‘phishing’ attacks, in which a criminal employs a trick e-mail that directs a recipient to a phony website to divulge personal data (like a bank account numbers, social security numbers, credit card info, etc.). For a phishing scam to work you must click the link in a forged e-mail, which might look like it’s from your bank or another financial institution, and then enter your user information on the web page that your browser opens. ID thieves also use technical subterfuge through spyware and Trojans to capture user names and passwords allowing them to gain access to a person’s financial details. By adding antiphishing capabilities to your e-mail through McAfee’s Internet Security Suite, or any other popular integrated-security package that can protect against phishing, your e-mail program can screen the e-mail source code to help you determine whether the content is legitimate. Security software is not bulletproof and must be constantly updated as they are breached routinely.
Although it seems obvious, you need to be very cautious and suspicious about opening e-mail attachments, a common vehicle for Trojan horse programs. An e-mail from a friend, family member, or business associate does not necessarily mean it is safe to open as it might have been infected by a Trojan-bearing worm. (Note: Network worms are the most dangerous of all virus types as they jump from one computer to another leaving a wake of infected computers. And, they secretly scour the Internet for connected computers that don’t have current security updates or firewalls installed. Some of these worms are so sophisticated that they can commandeer your e-mail address book and send infected e-mail messages laden with Trojans to everyone listed.) So, unless you are expecting an e-mail attachment, NEVER assume it is safe to open. Although it might seem tedious, if you received an email that you are unsure about, email that person and ask if they did indeed send an e-mail with an attachment.
We all are receiving seemingly innocuous e-mails like jokes, must-read info, things to pass on to friends and we may be unwittingly either sending or receiving infected e-mails that are unleashing key logging programs or other malware designed to steal your identity. Also, it is extremely easy for someone to forge an e-mail message. If a message requests that you send your password or other private information, or asks you to run or install an attached file, it is very likely that the message is NOT legit. When in doubt, ALWAYS mark the message as ‘junk’ and DELETE it.
As a routine, safe-computing practice that can help you to avoid many ID-theft scams, you should ALWAYS enter a web site’s URL in a new browser window. For example, if an e-mail claiming to be from your bank asks you to log in to verify your password or account information, resist the temptation to simply ‘click’ on the link in the e-mail itself, regardless of how authentic the message might appear. Phishers commonly try to fool us by copying a website to look like they are actually from our bank, PayPal, Ebay, etc. A typical example is an e-mail from Ebay or PayPal that asks to please update your credit card or debit card information by ‘clicking’ here and submitting our form. PayPal will never send an e-mail addressed to “Dear PayPal User.” They will ALWAYS use your first and last names and 2 pieces of information that Identity thieves would not know (until you unwittingly tell them). In many cases the actual link in the HTML code will be different from the URL displayed. So, NEVER go to a site via a provided link. ALWAYS either copy/paste or type the URL into the window yourself.
Educate yourself about online threats and follow your intuition. If something feels wrong or seems suspicious about an email, link or website, assume it is! Constantly update your anti-spyware and anti-virus and use the latest and best protection available to you. You can also contact your bank, as they will provide you with valuable information on protecting yourself against ID theft and hints on how to maintain your privacy. Additionally, some important sites you can visit for information to help educate yourself about phishing attacks and other online scams are:
www.antiphishing.org
www.consumer.gov/idtheft
http://safety.msn.com/phishing
And remember, if you receive this Newsletter via e-mail, either copy and paste or type these links into a new browser window, or be sure not to fill out any forms, or otherwise submit confidential information once you get there!
Ultimately, while technology (anti-virus software, firewalls, etc.) can help protect you, you must use common sense, and be just as vigilant on the internet as you would walking down the street regarding your personal safety.
Mark Spencer, M.A. S.A.F.E.
© Copyright 2006 S.A.F.E. All rights reserved.
