In my previous post about the threats of mass mails, I’ve mentioned about the risk of revealing your personal data when replying to mass mails. More specifically, it could be a mail from an organization stating that you have won their lottery game and you should be awarded. It could be a mail from your bank stating about the recent problems with your account and asking for your personal data so that they could have proper resolution … There are so many types of tricks to steal your personal data. However, they share the main goal, which is to reach your resources. This is considered as identity theft and I would like to extend my previous post through discussing more about identity theft.
Identity theft, also known as ID theft is a crime in which a criminal obtains key pieces of personal information, such as Social Security or driver’s license numbers, to obtain credit, merchandise, and services using the victims’ name. Identity theft is not a new crime. It has simply mutated to include new technology such as ATMs and transactions on the World Wide Web. The automation of both credit card and banking transactions has made it easier to steal a person’s identity. A credit card is almost always used nowadays as part of a way to verify a person’s identity. If another person has it in his or her possession and can display it to pretend that he or she is you, then your identity is successfully stolen. This also enables the criminal to steal money by opening up new credit card accounts and running up charges on them.
Arguably, the most common identity theft is phishing scam. In a phishing scam, a company or individual creates an email that appears to be from a respected financial institution – your bank or a website where you might have an account. Phishing scams began in the mid-1990s not to obtain bank or credit card information, but to get free online access. In those days, ISPs like AOL charged by the minute. Phishers would try to obtain AOL members login user id and passwords by sending e-mails appearing to come from AOL’s member services department. The fake email would ask recipients to verify their user names and passwords. The scammers would then log on, using the victims’ accounts, and run up a bill. Phishers target a variety of customers: from CitiBank (which is currently used in 54 per cent of phishing messages) to AOL, Amazon.com, Ebay, PayPal and others.
At first glance, phishing emails and the associated websites may appear completely legitimate. One recent phishing attempt in the U.S. used the names of the Federal Deposit Insurance Corporation (FDIC) and two of its officials, as well as the Department of Homeland Security. What Internet users may not realize is that criminals can easily copy logos and other information from legitimate businesses’ websites and place them in phishing emails or bogus websites. Additionally, if the recipient of a phishing email clicks on a link it contains, the window of the Internet browser that opens may contain what looks like the true Internet address of a legitimate business or financial institution. Unfortunately, some phishing schemes have exploited a vulnerability in the Internet Explorer browser that allows phishers to set up a fake website at one place on the Internet, which will make it appear as if the Internet user is accessing a legitimate website at another place on the Internet. Most phishing emails include false statements intended to create the impression that there is an immediate threat or risk to the bank, credit card or financial account of the recipient. The phony FDIC emails mentioned above falsely claimed that the Secretary of Homeland Security had advised the FDIC to suspend all federal deposit insurance on the recipients’ bank accounts. Other recent phishing emails have falsely claimed that the recipients’ credit card was being used by another person or that a recent credit card transaction had been declined. As another example, a mass email circulated in the summer of 2004 advising customers of a leading Canadian financial institution, which had experienced information technology problems, that they needed to enter their client card numbers in order to access their accounts. In fact, the email was not sent or authorized by that financial institution. In some cases, phishing emails have promised the recipients a prize or other special benefit.
Although the message sounds attractive rather than threatening, the objective is the same: to trick recipients into disclosing their financial and personal data. People who receive phishing emails are also likely to realize that the senders may have used spamming techniques (mass emailing) to send the message to thousands of people. Many of the people who receive that spammed email do not have an account or customer relationship with the legitimate business or financial services company that is purportedly the originator of the email. The people who create phishing emails count on the fact that some recipients of those emails will have an account or customer relationship with the legitimate business, and may be more likely to believe that the email has come from a trusted source. Ultimately, people who respond to phishing emails may be putting their accounts and financial status at risk in three significant ways. Firstly, phishers can use the data to access existing accounts to withdraw money or purchase expensive merchandise or services. Secondly, phishers can use the data to open new bank or credit card accounts in the victim’s name, but use addresses other than that of the victim. Finally, the Internet users may not realize that they have become victims of identity theft.
The Federal Trade Commission has provided a great deal of information about spamming scams, how to recognize them, stop them, report spam, and protect our identity. Though this phenomenon has been mentioned from times to times growing problem, so many people still naively click links inside emails and give away their account information. We can go along way toward protecting our identity by using some common sense right now.