Identity Theft Evolves; Phishing, Vishing, Malware, what is Next?
Blog www.CreditLock.com_Home Identity_Theft Credit_Freeze Credit_Monitoring Credit_Reports Do_Not_Call_List FAQ About_Us Privacy_Policy Members
What is the oldest profession in the world? No, not that one…
If stealing can be considered a profession, then it will undoubtedly top the list. Unfortunately, many criminals do consider stealing a profession. To the detriment of society, such “professional” thieves are constantly evolving and finessing their techniques, taking their “profession” to the next level. I suppose you can say “they are keeping up with the times…” They are keeping up with the times, but unfortunately, honest folks are having trouble keeping up with them. Every day, tens of thousands of unsuspecting consumers are falling prey to sophisticated scams and ruses by such ”professional” thieves.
The statistics are staggering. Estimates of Identity Theft victims range anywhere from 8 Million to 15 Million victims in 2006 in the U.S. alone. Financial losses are in the tens of billions annually, totaling over $100 Billion in 2005 and 2006 combined. This is a serious problem. The best defense is education and deterrence. The problem is that you can only get educated on topics and matters that have been discovered. Furthermore, you typically can avoid something only if you know what it is you are trying to avoid. How about those famous “Known, Unknowns” and “Unknown, Unknowns” as paraphrased from Mr. Rumsfeld?
Identity Theft is committed through several different known venues: old fashioned stealing, dumpster diving, skimming, phishing. telemarketing fraud, etc… Now a new threat is emerging: Vishing. Phishing and Vishing are essentially the same scam. The difference is that Phishing is committed on the computer, through emails and web, while Vishing is committed over the telephone.
Vishing is when you receive a telephone call from a “supposed” reputable entity, prompting you to provide private, confidential information for one reason or another. Then such information is used to withdraw money from your bank accounts, or secure loans under the pretext of your identity. For example, you may receive a call from someone claiming to be the bank where you hold your mortgage. They may claim that they have not received any recent mortgage payments from you, and unless you make such payments immediately, they will start foreclosure procedures. If, by coincidence, you are indeed late in your payment, you may proceed to make payment over the phone, by providing your bank account number, account name, social security number, bank routing information, etc… Then the caller will use such valuable information to commit Identity Theft, possibly causing you substantial financial damage.
Some may think it is unlikely they will fall victim to such scams. How is it possible that the caller will know where I have my mortgage? How will they know if I am late on my payment or not? etc… Thieves are not expecting to convert every call they make. If they are able to convert 1% of their calls, they may be satisfied.
Avoiding Vishing is easy: never provide your personal information to anyone calling you. If you need to, only provide information to calls initiated by you, to phone numbers you know are legitimate. Consumers can only take such step if they have heard of Vishing. However, if someone has never heard of Vishing, then they may fall victim to such scam.
A recent report published by Cyveillance estimates that growth in Phishing and Malware has accelerated in recent months. It is estimated that the number of institutions targeted by Phishing scams have increased by 50% since January 2007, to 1200 institutions from 800 institutions. New industries, and smaller organizations are being targeted.
Malware is unauthorized software designed to infiltrate a computer system. Malware used for Financial Fraud has also increased dramatically. The report estimates that the number of Malware infected URLs have increased by over 200% from December 2006 to February 2007. An example of how Malware works is as follows. A computer program fraudulently installed in your system can re-direct a browser to a fraudulent web site when you enter a legitimate web site address in the address bar.
Malware is more difficult to avoid than Phishing and Vishing. One drastic and expensive solution is to maintain three separate computers: one which never connects to the internet, one which is used for retrieving emails and downloading files, and one which is only used to access websites of reputable institutions whose web address you know. A less drastic and less expensive solution would be to purchase software which may be able to detect Malware (such solution may not be 100% effective). The Cyveillance Report tracked one such Malware scam, and discovered that of the 12 different variations of the scam, only 2 were discovered by leading anti-virus solutions.
As Identity Theft spreads and evolves, what’s next? Most likely, Identity Theft will evolve to bypass the need for consumer participation in the provision of information. As consumers become better educated about the risks of Identity Theft, and take steps to avoid known Identity Theft threats, criminals will seek to secure ill-gotten data from mass storage sources. Examples include the occasional “loss” of a laptop containing hundreds of thousands of social security numbers, to the hacking into systems of major institutions. Undoubtedly, such events and risks are nothing new. However the frequency of such events and similar tactics may increase substantially, through the infiltration of sophisticated Malware not only into the home, but also into the office.
Consumers can undoubtedly take necessary steps to safeguard information under their own control. However, consumers have limited powers in safeguarding their personal information available elsewhere, such as at banks, credit unions, credit reporting agencies, insurance companies, hospitals, landlords, utility companies, etc….
Ultimately, consumers’ only defense may be to limit the possibility of Identity Theft damage, given that others may fail in safeguarding their personal information. Identity Theft damage can be limited through a Security Freeze, also known as a Credit Freeze or Credit Lock. Such option may result in some inconveniences, but such inconveniences may be well worth it, in order to avoid the staggering consequences of unauthorized access to one’s credit report.
Technorati Tags: identity theft, identity fraud, identity theft protection, business, credit lock, security freeze, credit freeze, malware, phishing, crime, vishing, internet, security
Save To Del.icio.us 
Seed Newsvine
