Google announced Monday that it will reduce the lifespan of “Cookies” from 30 years to 2 years. Such Cookies are small files planted on the computers of consumers, primarily tracking internet use and recognizing users’ preferences. Such move will somewhat improve consumers’ privacy.
Identity Theft, which can be exacerbated by cookies associated with Malware programs that infiltrate computers of unaware consumers, can possibly be reduced if Internet Browsing was totally anonymous; however It is highly unlikely that Internet Browsing will ever be totally anonymous for two main reasons. First, technologically speaking, 100% anonymity is practically impossible. Second, existence of search engine companies, such as Google, would be financially jeopardized.
On the surface, Google’s announcement may seem as a drastic measure, cutting the lifespan of its cookies by more than 93%. More…
Identity Theft is the number one crime, affecting about 9 Million victims annually, and resulting in about $50 Billion in annual losses. The I-Phone is the number one consumer product, estimated to have registered over 500,000 unit sales in its opening weekend launch, and expected by some analysts, such as PiperFaffray, to record as many as 45 Million annual unit sales by 2009.
Identity Theft occurrences increased dramatically following the proliferation of the new technology of the internet, accompanied by Computer Viruses, Malware, Phishing, Skimming and more. The I-Phone is termed as a technological breakthrough, supported by over 200 I-Phone related patent filings. Will such technological breakthrough lead to another explosion to the upside in the number of occurrences of Identity Theft?
If there is a risk of Identity Theft associated with the I-Phone, such risk would stem from More…
Identity Theft is often committed through traditional methods such as wallet stealing and dumpster diving. Consumers are also rightfully concerned about cyber-space threats such as Phishing. Identity Thieves “Phish” by soliciting sensitive information through emails or websites fraudulently pretending to represent reputable institutions. Many consumers have become aware of Phishing threats, and have learned not to divulge sensitive personal information through such channels. However, many consumers continue to divulge information they deem “safe”, or “insufficient” to possibly constitute a security threat. For example, a consumer may not be concerned about providing last 4 digits of a social security number, or other single items such as email address, mailing address, date of birth, or other. What many such consumers don’t realize is that such “insufficient” information could possibly expose them to “Mosaic” Phishing. More…
Identity Theft has taken center stage this week following the release by The President’s Identity Theft Task Force of its latest plan: Combating Identity Theft, A Strategic Plan. The aim of the plan, outlined in a 120 page document, is undoubtedly a noble one: to eliminate or drastically reduce Identity Theft and its related negative consequences. In doing so, the task force analyzed most aspects of Identity Theft and its related crimes and tools including Phishing, Dumpster Diving, Carding, Skimming, etc…
The plan has several strengths and represents a great effort to confront one of the most daunting crimes of the new Millenium. However, there are also some weaknesses, as well as potential red flags, as illustrated below…More…
The world has experienced an unprecedented growth in Identity Theft during recent years, fueled by multiple channels including sophisticated Phishing schemes, Malware and infiltration of organized crime. The globalization of Identity Theft will mean that regional efforts to contain the problem will achieve minimal results at best.
In the U.S. it is estimated that as many as 17.3 Million individuals were victims of Identity theft during 2005 and 2006 on a combined basis, with an estimated total of $106 Billion in associated losses (BBB/Javelin). In Canada, the Canadian…More…
In a recent informal poll published at www.CreditLock.com, more than 57% of respondents said they know at least one victim of Identity Theft. That means about one in every two individuals has either been a victim of Identity Theft, or knows someone who has been a victim.
Initially, such result may seem surprising and excessive. It is possible that the results are skewed by the fact that visitors to www.creditlock.com are inclined to be those seeking information on Identity Theft for the same fact that they are themselves victims or know victims. However, even if such results may be skewed, the following facts lead us to conclude that they are not too far from the truth…. More….
Is technology a blessing or a curse? Some may reply: what kind of question is that, after all, if technology was not a blessing, why would human kind pursue it? Technological advances have given us the car, the plane, the moon, an ample food supply, solid shelter, warm clothes, energy, medicine, etc… Technology has also given us nuclear bombs, germ warfare, global warming, and some would argue, loss of privacy… More….
Most consumers concerned about Identity Theft have heard of Phishing: a name given to a fraudulent communication, typically transmitted through an email, pretending to be from a trustworthy institution, such as a bank. A Phisher looks to acquire sensitive private personal information, from unsuspecting individuals. Such information is then used to fraudulently withdraw money from the victim’s bank account, or to engage in another Identity Theft related crime.
Until recently, Phishers have used “generic” techniques, reproducing the corporate identity of a reputable institution, such as Paypal or Chase bank. Such Corporate Identity, distinguished through logos, colors, formats etc… is used to highlight a generic message such as: “The security of your account may have been compromised, and unless you click the link below to verify your information, you will loose access to your account.”
Such criminal techniques have become well known. Consumers have been well advised not to click on such emails. Consumers are still left with the task of distinguishing between authentic and fraudulent emails. When the email’s message is generic and non-personal, a consumer can safely assume it may be a form of Phishing. However, when an email’s message is personal, or relates to a recent action by the consumer, then the consumer is less likely to identify Phishing.
Such “Custom” Phishing is likely to increase Identity Theft risks. Criminals use spyware and other investigative techniques in order to acquire semi-private personal information for a certain individual. Then such information is embedded in a Phishing email, in order to retrieve additional private and sensitive information.
In an example of “Custom” Phishing, an individual recently received an email pretending to be from Paypal (a payment processing company with more than 120 Million customers). Such email looked exactly as if it had been sent by Paypal, with the proper logo, colors, formats, etc…. Furthermore, such email warned the recipient that he has been accessing his account from outside the U.S., and unless information is verified, his account will be frozen.
As it turns out, the recipient was indeed accessing his account from outside the U.S. during the past few days. Whether the Phisher attained such information through a spyware, investigative technique, or pure luck, is not known. Despite the recipient’s Identity Theft and Phishing awareness, the timing of the Phishing email, and the nature of its content, caused him to wonder whether such email was authentic or not. Rather than click on the email, the recipient forwarded the communication to spoof@paypal.com , and Paypal confirmed that such email was indeed Phishing.
As such “Custom” Phishing techniques evolve, there is a higher likelihood that even suspecting consumers can possibly fall prey to a Phisher’s net. In order to avoid becoming a victim of Identity Theft, a consumer may soon have to request authenticity validation for most or all communications received from a “supposed” reputable sender. This could ultimately lead to the “Next Generation” of Smart Email Management Programs. Such programs would have the capability to automatically validate any incoming emails, and placing all suspect emails in a “Phishing Alert” folder for review and possible deletion. Until such day arrives, Consumers Beware….
What is the oldest profession in the world? No, not that one…
If stealing can be considered a profession, then it will undoubtedly top the list. Unfortunately, many criminals do consider stealing a profession. To the detriment of society, such “professional” thieves are constantly evolving and finessing their techniques, taking their “profession” to the next level. I suppose you can say “they are keeping up with the times…” They are keeping up with the times, but unfortunately, honest folks are having trouble keeping up with them. Every day, tens of thousands of unsuspecting consumers are falling prey to sophisticated scams and ruses by such ”professional” thieves.
The statistics are staggering. Estimates of Identity Theft victims range anywhere from 8 Million to 15 Million victims in 2006 in the U.S. alone. Financial losses are in the tens of billions annually, totaling over $100 Billion in 2005 and 2006 combined. This is a serious problem. The best defense is education and deterrence. The problem is that you can only get educated on topics and matters that have been discovered. Furthermore, you typically can avoid something only if you know what it is you are trying to avoid. How about those famous “Known, Unknowns” and “Unknown, Unknowns” as paraphrased from Mr. Rumsfeld?
Identity Theft is committed through several different known venues: old fashioned stealing, dumpster diving, skimming, phishing. telemarketing fraud, etc… Now a new threat is emerging: Vishing. Phishing and Vishing are essentially the same scam. The difference is that Phishing is committed on the computer, through emails and web, while Vishing is committed over the telephone.
Vishing is when you receive a telephone call from a “supposed” reputable entity, prompting you to provide private, confidential information for one reason or another. Then such information is used to withdraw money from your bank accounts, or secure loans under the pretext of your identity. For example, you may receive a call from someone claiming to be the bank where you hold your mortgage. They may claim that they have not received any recent mortgage payments from you, and unless you make such payments immediately, they will start foreclosure procedures. If, by coincidence, you are indeed late in your payment, you may proceed to make payment over the phone, by providing your bank account number, account name, social security number, bank routing information, etc… Then the caller will use such valuable information to commit Identity Theft, possibly causing you substantial financial damage.
Some may think it is unlikely they will fall victim to such scams. How is it possible that the caller will know where I have my mortgage? How will they know if I am late on my payment or not? etc… Thieves are not expecting to convert every call they make. If they are able to convert 1% of their calls, they may be satisfied.
Avoiding Vishing is easy: never provide your personal information to anyone calling you. If you need to, only provide information to calls initiated by you, to phone numbers you know are legitimate. Consumers can only take such step if they have heard of Vishing. However, if someone has never heard of Vishing, then they may fall victim to such scam.
A recent report published by Cyveillance estimates that growth in Phishing and Malware has accelerated in recent months. It is estimated that the number of institutions targeted by Phishing scams have increased by 50% since January 2007, to 1200 institutions from 800 institutions. New industries, and smaller organizations are being targeted.
Malware is unauthorized software designed to infiltrate a computer system. Malware used for Financial Fraud has also increased dramatically. The report estimates that the number of Malware infected URLs have increased by over 200% from December 2006 to February 2007. An example of how Malware works is as follows. A computer program fraudulently installed in your system can re-direct a browser to a fraudulent web site when you enter a legitimate web site address in the address bar.
Malware is more difficult to avoid than Phishing and Vishing. One drastic and expensive solution is to maintain three separate computers: one which never connects to the internet, one which is used for retrieving emails and downloading files, and one which is only used to access websites of reputable institutions whose web address you know. A less drastic and less expensive solution would be to purchase software which may be able to detect Malware (such solution may not be 100% effective). The Cyveillance Report tracked one such Malware scam, and discovered that of the 12 different variations of the scam, only 2 were discovered by leading anti-virus solutions.
As Identity Theft spreads and evolves, what’s next? Most likely, Identity Theft will evolve to bypass the need for consumer participation in the provision of information. As consumers become better educated about the risks of Identity Theft, and take steps to avoid known Identity Theft threats, criminals will seek to secure ill-gotten data from mass storage sources. Examples include the occasional “loss” of a laptop containing hundreds of thousands of social security numbers, to the hacking into systems of major institutions. Undoubtedly, such events and risks are nothing new. However the frequency of such events and similar tactics may increase substantially, through the infiltration of sophisticated Malware not only into the home, but also into the office.
Consumers can undoubtedly take necessary steps to safeguard information under their own control. However, consumers have limited powers in safeguarding their personal information available elsewhere, such as at banks, credit unions, credit reporting agencies, insurance companies, hospitals, landlords, utility companies, etc….
Ultimately, consumers’ only defense may be to limit the possibility of Identity Theft damage, given that others may fail in safeguarding their personal information. Identity Theft damage can be limited through a Security Freeze, also known as a Credit Freeze or Credit Lock. Such option may result in some inconveniences, but such inconveniences may be well worth it, in order to avoid the staggering consequences of unauthorized access to one’s credit report.
Save To Del.icio.us 
Seed Newsvine
