Identity Theft Risks Increase with “Custom” Phishing
Blog www.CreditLock.com_Home Identity_Theft Credit_Freeze Credit_Monitoring Credit_Reports Do_Not_Call_List FAQ About_Us Privacy_Policy Members
Most consumers concerned about Identity Theft have heard of Phishing: a name given to a fraudulent communication, typically transmitted through an email, pretending to be from a trustworthy institution, such as a bank. A Phisher looks to acquire sensitive private personal information, from unsuspecting individuals. Such information is then used to fraudulently withdraw money from the victim’s bank account, or to engage in another Identity Theft related crime.
Until recently, Phishers have used “generic” techniques, reproducing the corporate identity of a reputable institution, such as Paypal or Chase bank. Such Corporate Identity, distinguished through logos, colors, formats etc… is used to highlight a generic message such as: “The security of your account may have been compromised, and unless you click the link below to verify your information, you will loose access to your account.”
Such criminal techniques have become well known. Consumers have been well advised not to click on such emails. Consumers are still left with the task of distinguishing between authentic and fraudulent emails. When the email’s message is generic and non-personal, a consumer can safely assume it may be a form of Phishing. However, when an email’s message is personal, or relates to a recent action by the consumer, then the consumer is less likely to identify Phishing.
Such “Custom” Phishing is likely to increase Identity Theft risks. Criminals use spyware and other investigative techniques in order to acquire semi-private personal information for a certain individual. Then such information is embedded in a Phishing email, in order to retrieve additional private and sensitive information.
In an example of “Custom” Phishing, an individual recently received an email pretending to be from Paypal (a payment processing company with more than 120 Million customers). Such email looked exactly as if it had been sent by Paypal, with the proper logo, colors, formats, etc…. Furthermore, such email warned the recipient that he has been accessing his account from outside the U.S., and unless information is verified, his account will be frozen.
As it turns out, the recipient was indeed accessing his account from outside the U.S. during the past few days. Whether the Phisher attained such information through a spyware, investigative technique, or pure luck, is not known. Despite the recipient’s Identity Theft and Phishing awareness, the timing of the Phishing email, and the nature of its content, caused him to wonder whether such email was authentic or not. Rather than click on the email, the recipient forwarded the communication to spoof@paypal.com , and Paypal confirmed that such email was indeed Phishing.
As such “Custom” Phishing techniques evolve, there is a higher likelihood that even suspecting consumers can possibly fall prey to a Phisher’s net. In order to avoid becoming a victim of Identity Theft, a consumer may soon have to request authenticity validation for most or all communications received from a “supposed” reputable sender. This could ultimately lead to the “Next Generation” of Smart Email Management Programs. Such programs would have the capability to automatically validate any incoming emails, and placing all suspect emails in a “Phishing Alert” folder for review and possible deletion. Until such day arrives, Consumers Beware….
Technorati Tags: identity theft, identity fraud, identity theft protection, business, malware, phishing, crime, technology, internet, security
Save To Del.icio.us 
Seed Newsvine
