One way on which many people fall victim to identity theft is through what is known in online parlance as “phishing.”  With this understood, it is very important that you have a basic understanding of what phishing is all about.

The term phishing actually is derived from the word fishing.  And, the derivation actually is very illustrative.  In simple terms, when it comes to phishing and identity theft, a scoundrel actually uses the Internet as a means of “fishing” for your personal or financial information or both.

More…

An example of phishing as part of an identity theft scheme would involve the use of email.  A target would receive an email purporting to be from a bank or financial institution.  (There are many other types of phishing schemes; the banking one is merely being used as an example.)

Through this sort of phishing email scam, you will be asked to click on a link which will take you to a sham website – that very well may look quite like the real thing.  At such a site, you will be asked to input your personal or financial information for one reason or another.  In the alternative, the email itself may contain a form for you to fill out, to complete with your personal and financial information.  In the end, all you are doing is handing your personal and financial information to an identity thief on the proverbial Golden Platter.

There are also some other phishing techniques that are utilized in the furtherance of identity theft schemes.  Nonetheless, the tactics that have been set forth in this article really are the most common types of phishing being used to further identity theft schemes and scams in this day and age.  In the end, it is very important that you stay on guard for phishing when you are online.  By being alert and vigilent you will be able to reduce your risk of becoming the victim of identity theft. You may also want to look at hiring an identity protection service company.

Pretexting is basically the art of lying. A person will conjure up an imaginary situation or scenario and use it to trick people out of their personal details or to participate in a certain act. The most common forms of this type of identity theft is done over the phone.

When a well known company phones you up, for example, a representative of a bank or credit card company, they will use personal information to allow you to know not only who they are, but also to prove that they are speaking to the right individual. Pretexting will work in exactly the same way. A person will find out information about you, prior to the phone call, or house visit, and then use it against you so that you believe they are a person of authority and from a legitimate company with a legitimate reason to ask you personal questions about your private details. This misconception will then allow you to divulge other information that you would normally only give to the people in the bank, as one example.

The person who is performing the art of pretexting will then use the details you have supplied to perform crimes related to identity theft – applying for loans or credit cards in your name and then stealing the successful applications from your mailbox before it reaches you. This is just one example of how that information can be used. It can be used for applying for passports and other official documents to be used in the act of illegal immigration, and also in terrorism and maybe even blackmail, against you, the identity holder.

Pretexters will impersonate anyone, from colleagues from your place of work, police officers, insurance company personnel, and also may pretend to be someone from banks, loan and credit card companies, the list goes on and on. How many times have you divulged information over the phone to someone who you believed had a legitimate reason to know the information? The chances are, it was a real person from a real company, and they weren’t pretexters, but in reality, how can you be so sure?

There are no definite answers on how to prevent this from happening, apart from – never give your personal details out over the phone or to someone that visits your home. Always go to the branch of your bank to sort out any problems, or phone the number back yourself to ensure you are actually phoning the right people, and not giving out details about yourself to just anyone! Just always be on your guard and if you don’t think it is real, don’t tell them anything!

It’s almost Valentine’s Day once again but before opening up that  E-Valentine’s Card, you may want to think again.  It may not be coming from cupid but instead from someone ready to spread the so called Storm Worm virus.

The Storm Worm virus have used the various holidays in the previous year to send out millions of emails and electronic cards such as Valentine’s E-Cards.  It is a malicious software (malware) and it does infect computer machines and made it become a part of of the Storm Worm botnet.  A botnet is a network of compromised machines but under the control of a single user.  Botnets are known to be to be set up to facilitate criminal activity such as phishing, spam emails, identity theft and other servcice attacks to spread malware to other computers online.  When a user clicks on the email link, he automatically downloaded the malware and his computer system is infected.

It is very important to be extra careful in opening up any e-card emails. Make sure that you know the sender before opening e-cards.  Do not open any unsolicited e-mail and if you accidentally opened them, never click on any links provided.

Web-based identity theft is on the rise and Internet users should definitely invest as much effort in safeguarding their information online as they might do in the real world.

Wi-Fi Hackers and Suckers

It’s common place these days, café regulars and people living in close apartment buildings using other people’s Wi-Fi to surf the Internet for free. Rather than pay for it, it’s just as easy (perhaps easier) to search for available networks that have not been password protected by the account holders.

Stealing someone else’s Wi-Fi seems like a rather small crime really, but it’s a potential hacker’s haven. When you use someone else’s account, you have granted them access to your computer and your personal information contained. And, that could be exactly what they want you to do!

The holder of the Wi-Fi account can easily create a proxy server and use it to capture your data. They can even set up their computer to decrypt information, like bank passwords.

It’s a case of the hunter becoming the hunted. Or, the hacker becomes the sucker.

But what about the opposite, where someone new to Wi-Fi has no idea that people in close proximity can use their connection if it’s not suitably protected. Some people don’t care if others use their wireless internet.

Those that don’t care probably should, there are lots of unsavory things a person can do using your internet. Many of them are illegal. If you allow such activities your facing the blame for online fraud, or even copyright infringement if they host illegal movies using your bandwidth… which is traced back to you.

In addition, it’s a perfect way to expose yourself to identity theft. Someone piggybacking on your wireless connection can read your emails and watch your usage to build up a profile. As well, they can steal your passwords and potentially anything in a bank account that was protected by those passwords.

It’s alarming how many people protect their PC with anti virus and firewalls yet have not secured their Wi-Fi. If you think you don’t need to secure your router because you have anti virus or a firewall you’re wrong. A hacker can easily bypass those systems once they‘re in. It’s kind of like having a home alarm and not turning it on.

The Middle Man Attack

ARP Poisoning or ‘middle man attacks’ are a common hack in Wi-Fi hotspots. Basically the attack involves fooling the victim’s wireless router into thinking that all information on the subnet needs to flow through the attackers PC.

The hacker then just sits back and watches the information flow through. Passwords, bank accounts, emails etc.

Wardriving in the USA

Occasionally an IT professional will write a story for a magazine on Wireless internet security flaws. Usually, the first thing they will do is turn on their wireless card, jump in their car and see how many unsecured wireless connections are running out of suburban homes.

The bad guys in this are the people documenting the locations with GPS so they can later return and hack the connection. This practice is called wardriving and is becoming big in the US.

Here are 3 ways to report phishing:

First, you can report phishing to the Anti-Phishing Working Group (APWG). The APWG is a volunteer organization focused on eliminating the fraud and identity theft resulting from phishing, pharming and email spoofing of all types. Note that premium members include VISA, Yahoo and eBay. The APWG is currently building an archive of phishing scam emails and websites to help people identify and avoid being scammed in the future.

If you have received a phishing email, copy the entire phishing mail and send to reportphishing@antiphishing.org. Do not forward the phishing email as this approach loses information and requires more manual processing. The APWG will then review the message and any websites to which it links and post it to the Phishing archive.

Another way is to report phishing to the Federal Trade Commission (FTC). The FTC is a federal agency that works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. You can file a complaint at the FTC website (http://www.ftc.gov/idtheft) or call their toll-free hotline (1-877-ID THEFT).You can also choose to send mail to spam@uce.gov. Make sure to copy the entire phishing mail into your email.

It’s also recommended to report phishing to the company that is being imitated. You can send an email or call by telephone. If the phishing concerns eBay or PayPal, copy the phishing email and send to spoof@ebay or spoof@paypal. The relevant department will then attempt to get the phishing site shut down. Your report is crucial as it will enable the company to warn its customers not to respond to any requests for personal information.

By taking a few minutes out of your time to report phishing, you can also help other people be more aware about the scams. Moreover, you can help the companies/organizations track down phishers and eventually take them down. All in all, by making the simple task of reporting phishing, you end up not only protecting yourself from this scam but others as well.