|
Beware This
Latest Threat to Your Personal
Identity!
by
Scott Jordan, President, DELTEC
It is really too
bad, but the reality today is that we can’t be too trusting
any more. It seems like there is some criminal around every
corner ready to dupe us into giving up personal information
and then stealing us blind. The only solution is to be
vigilant, and sadly, a little paranoid.
 The latest of the schemes already has a name. It is
called “vishing.” If that doesn’t sound descriptive, don’t
worry, it will make sense soon. Many of you may remember
hearing of a technique called “phishing”, a play on words that
basically names a social engineering technique used to steal
your identity, or at least parts of it. The phishing technique
relied on an email sent to you, apparently from a trusted
source, such as Microsoft, eBay, or a major bank, asking you
to follow a web link to “reactivate” or “update” your account.
The email, link, and everything was cleverly disguised to look
very legitimate. However, the link, of course, led to a site
that happily collected your personal information directly into
a criminal’s database for later sale on the black market. The
term “phishing” then was coined as a nomenclature for the
practice of fishing for credit cards, social security numbers,
bank account numbers, and the like.
The newer technique
continues the older theme, but takes advantage of Voice over
Internet Protocol, or VoIP telephone technology; hence the
term “vishing.” This is a clever one, and honestly, to me even
scarier. Consider the following scenario: You receive a
voicemail or text message on your cell phone from a “national
bank”, coincidentally, the very “national bank” that you use.
The message informs you that your account is on hold because
of some suspected fraud activity and urges you to immediately
call a certain toll-free number to clear up the situation.
When you call the number, you are greeted by a very
professional-sounding menu system from “national bank” with
message prompts that instruct you to enter your social
security number, account number, credit card number,
expiration date, and security code from the back of the card,
or some combination of the above. Thinking you have just
averted a disaster, you hang up the phone. Meanwhile,
somewhere in Eastern Europe, counterfeit credit cards are
being printed with your name and card number and being sold on
the Internet. Your identity has just been stolen.
With current VoIP
technology, it is very easy and inexpensive for a criminal to
set up a toll free number, and a computer system to take the
calls and accept the data entered directly into a database.
Other variations on this technique involve emailing you a
message that asks you to call a number or sending you a text
message to call the number. With each technique, the costs are
low, the results are good, and the whole process is very
difficult for authorities to track.
Don’t let it happen
to you. This message is not meant to be fear-mongering, but we
do want to get your attention. Dan Larkin, chief of the FBI’s
Cyber Initiative and Resource Fusion Unit recommends greeting
a phone call or e-mail seeking personal information with a
healthy dose of skepticism. The bottom line is this, if you
get a text message, email, or voicemail requesting you to give
out personal information, do not do it. No legitimate
organization is going to ask you for personal information in
such a way. More resources: If
you feel you have been victim of a fraud, immediately report
it to the Internet Crime Complaint Center at
http://www.ic3.gov/. If you are concerned about the security
of your corporate knowledge, or your employees’ personal
information, give us a call. We won’t ask for your social
security number! |
