identity

How to avoid online scams and indentity theft

By : Sean Brown |April 11, 2012 |Clicks and Bits |0 Comment

Phishing scams and identity theft represent a serious threat in today’s on-line playground. This article describes tactics used by phishing scammers and strategies to avoid identity theft.

What is Phishing?

Phishing is an attempt to trick you into doing something you don’t want to do. Phishing emails try to coerce you into giving away your most valuable information—bank account numbers, credit card numbers, passwords, social security number, even your mother’s maiden name. The people behind phishing scams want all your personal info, and they’re willing to go to great lengths to trick you into handing over your identity.

Phishing Scams Lead to Identity Theft

Phishing scams often arrive as cleverly disguised emails. They may appear to be sent by trustworthy companies like eBay, PayPal, or your local bank or credit union.

Phishing emails may make threats like “Attention! Your PayPal account has been violated!” or “If you choose to ignore our request, we have no choice but to suspend your account.” These matters seem urgent and unless you recognize the email as a phishing scam, you might fall victim to it.

Some phishing emails try to convince you that something good will come from your participation. A phishing email might say, “We are pleased to introduce our fully upgraded online banking. By clicking the link below, you will begin the process of updating your user details.”

Email and links to website

Clicking a link in a phishing email typically takes you to fake website. The phishing site is designed to look almost identical to a company’s real website. The phishing site may even link to the official site and may use the same graphics, colors, and logos. This is all done to lull you into a false sense of security.

The phishing email and website are designed to get you to fill out their online web form. Once you’ve done that, the scam is complete.

An online web form used in a phishing scam asks for your personal info. They want anything you’ll give them, including your bank account numbers, credit card numbers, social security number, passwords, etc. They might use your info to apply for new credit cards, run up bills on your existing cards, take out loans (never to be paid back), and anything else they can do.

How to Recognize Phishing Scams

How can you tell the difference between a phishing scam and a legitimate email or website? Unfortunately, phishing scams are becoming more and more sophisticated and increasingly difficult to identify. However, there are several strategies you can use to recognize phishing scams.

  • Be skeptical. Since you know phishing scams are out there, be skeptical of emails you receive. Has your account really been violated? Do you really need to update your account information? Most companies don’t wait until the last minute to spring emergencies like this on their customers. They send several notices, often times through the regular mail, or they call to warn you of potential security breaches. If you get emails like this, look for clues that they might be fakes.
  • Verify the web address and email address. Checking the addresses is a good way of discovering a scam. If the first part of the web address consists of numbers, the site should probably not be trusted. For example, this is an untrustworthy address: http://172.168.15.100/ebay/account/. Even though “ebay” is part of the address, the first part contains numbers (called an IP address). This is a sign that something may not be right.
  • Look for signs of security. Real corporate websites use secure, encrypted web pages any time their customers are asked to send personal and financial information. Look for “https://” in the web address. The “s” stands for “secure”. Also look for a locked padlock icon in the lower part of your browser window. The locked padlock icon indicates the site is encrypted, which means your data is protected when you send it over the Internet. If you don’t see these signs, then the site could be a fake.
  • Look for fishy details. Most legitimate corporate emails and websites look professional. Phishing scams try to fool you, but like a photocopied dollar bill, they just don’t look right. Look for bad grammar, bad spelling, and bad design. If your instincts tell you something’s fishy, it probably is. Phishing scams are becoming more sophisticated each day, so this is not a sure-fire way of sniffing out a fake, but it’s still a good place to start.
  • Make a few phone calls. Before you click any links or fill out any forms, call the company—and don’t use the phone number in the email. Get a real person on the phone to help you verify the legitimacy of the email you received.
Read More

9-Digit Combination To Life

By : Sean Brown |January 10, 2012 |Clicks and Bits |0 Comment

In the post-September 11th world, security and intelligence is important, but where does national security end and personal privacy begin?  Let’s clarify a few things to start; I am not a terrorist, I do not have anything to hide (and I share certain information with anyone who asks) but I feel very strongly that my personal privacy should not be invaded by companies riding the coat-tails of generic regulations designed for specific reasons.

In today’s hi-tech world, people are able to easily obtain information on [just about] anyone through public records or through other disingenuous ways; I touched on this in one of my posts (Identity vs Anonymity) and it has always been a running theme of the way I live my life, not secretly but securely.

Sadly, Identity Theft is on the rise and there have been many news reports outlining the way these criminals obtain your information and how simple it can be.  How can something as unique as your identity be obtained and manipulated so easily so that another person can use it to obtain credit in your name, get government benefits in your name or even commit other criminal actions posing as you?  What adds insult to injury is the fact that once your identity has been stolen, the act of trying to fix everything is virtually impossible.

I wrote this article to shed some light on some shady business practices which are being abused every single day by plenty of companies.

Identity

Your identity is personal, it is the definition of who you are.  You do not have to share it if you do not want to.  Of course if you want to exist in any sort of modern-society, you’ll have to divulge your identity to establish credit, own a house, or get a job, etc.  I want to make this abundantly clear to EVERYONE; You do not have to legally divulge your social security number to ANY ONE FOR ANY REASON.  It’s quite simple; CERTAIN organizations and industries are required (by law) to obtain a social security number, MOST (basically all) companies who ask for it do not have a right, obligation or a valid reason to obtain it.

Who can (and should) ask for your Social Security Number
[list style="tick"]

  • Banking/Financial/Credit Guarantors
  • Employment

[/list]
Who shouldn’t but [try to] ask for your Social Security Number
[list style="tick"]

  • Utility Companies (Power, Water, Gas)
  • Land line/Wireless/Cable Companies
  • ANY Vendor who you do not have a pre-established credit account

[/list]
Here’s where things get shady and [borderline] illegal; Many companies (especially utility companies) are trying to FORCE consumers to divulge their social security number for no valid reason to a call center operator in order to establish an account, saying such things as “It’s required” or “Our systems won’t let us open an account without it”.  This is poor training (or excellent training… whichever way you decide to view it); It has been clearly defined by the federal government on how to identify individuals, including alternate method of positive identification (other than social security number).

In a nut shell, it’s easier for companies to simply obtain a simple 9-digit social security number to identify an individual and move on to the next step; Here’s where the problems begin… Ask yourself:
[list style="tick"]

  • Who is on the other end of the line?  How trustworthy are they?  Are you 100% positive they’re not going to use your personally identifiable information for nefarious tasks?
  • Where is this information going?  Who is going to see all of my information?
  • How safe if my information?  Does this company have a competent IT staff and a robust infrastructure that can effectively encrypt, store and protect my information from hackers?
  • How long is all of my information retained for in the event I close my account?  How is it safe guarded?

[/list]
With those four simple questions, you should begin to figure out why identity theft  is prevalent in today’s society. 25% of the identity problems are related to the person divulging information and 75% of the security of your information once it’s been turned over.

To re-visit the call-center operator training I mentioned earlier;  They are trained to get the social security number… Federal guidelines dictate that companies who must positively identify individuals must have an alternate method of verification of which does not require a social security number and/or human interaction, such as:
[list style="tick"]

  • Automated third-party phone verification using personally identifiable information obtained through public record.
  • Ability to produce (in person) 2 or more forms of valid, state/federal identification.

[/list]
Where my “poor” or “excellent” training comment comes into play is that every single company who must positively identify an individual does will ask for a social security number, but not [easily] give an alternative option for ID verification.  Typically, supervisors are trained enough to have those options, but all of your front-line call center representatives [must] miss that portion of “training,” thus forcing the general public to divulge this crucial part of their identity to someone they don’t know, all because we won’t fight to protect ourselves?!

Bureau this

Because this country is/has been established on credit, it’s VERY important to protect your identity and your credit rating (defined by a group of three for-profit companies evaluating every one of us on a 25-year old method of calculating risk).  I have very little good things to say on how our credit risk is calculated, BUT it is something that we all will learn to live with, knowing how your social security number is the 9-digit combination to the vault of your life is very important to comprehend.  I certainly wouldn’t give this combination out to everyone, and neither should you.

Read More

Indentity vs Anonymity

By : Sean Brown |October 31, 2011 |Clicks and Bits |2 Comments

I find it interesting that the word “googling” is “officially” listed as a verb in Merriam-Webster’s online dictionary; Everyone [at some point] has googled themselves – not out of egotism but out of curiosity.  If you have a unique name your search results are generally focused on you, a common name – not so much.

Ask you self… Why are there so many results for my name? What is relevant and what is not?  Is there anything out there that shouldn’t be?  How the hell did it get there?

How it got there?

(Sorry for the history lesson) Since the beginning of time (well almost) humans began keeping records of things… Take the ancient Egyptians, laying King Tut to rest in elaborate tombs filled with decorative paintings, sculptures and artifacts – all telling a store of his life up to his death in (approximately) 1323 BC… Fast forward roughly 1500 years to sometime around the 2nd century AD, the Chinese invent paper (hemp scrolls) and begin keeping tabs of things.  This event marked the beginning of document-based record keeping which has evolved from scribbles on odd-shaped hemp paper to the organized record keeping era of the 1960′s to today’s digital age of on demand information at the speed of light.

With the continual evolution of computer processing, storage and inter-networked databases, information is being continually digitized, archived and made available to anyone (good and bad) who knows where and how to find it.

Where does it come from?

  • Public records
    • Purchased/refinanced a house
    • Traffic infraction
    • Civil or Criminal proceedings
    • Owned a business
    • Historical archives (family heritage)
  • Public Utilities
    • Home phone
    • Power company
  • Creditors
    • Credit Card companies
    • Car loans
  • Social Media
    • Facebook
    • Twitter
    • Myspace
    • News paper articles

The list above is quite broad and includes on-line indexing and direct marketing (usually shows up in your mailbox as “pre-screen offers”).  Yes there are differences, but i’m not going to get into that in this post; no matter how you slice it, if you find your information on the internet it was placed there by someone.

How accurate is it?

In the most basic sense, the information you see about yourself is as accurate as you make it; obviously if you have common name shared with lots of people, information may cross paths but if you bought a house, it will show up (assuming your bank verified your identity).  If you’ve received a speeding ticket (guilty or not) it is logged as public record and it will show up (assuming it’s your drivers license).  If your facebook/myspace/google plus pages are not private, your posts, friend associations, interests and pictures will all be indexed and will show up.

How do I fix my online identity?

Well this is a little harder then it sounds…  There are plenty of web sites that allow you to find people; all of these sites simply scour the internet, public records, direct mailing lists and other sources to compile a huge database of information.  Most of the larger sites have easy ways to remove or update your information.

BE AWARE that any information you use to remove or update the profile with it now stored in the respective site’s databases! All sites SHOULD have a privacy link (usually towards the bottom of the page) – this link does provide a lot of useful information about what information is kept, how it’s used and the ability to remove or opt-out of communications from that company or companies it chooses to share its’ marketing lists to.

You should know that the internet is a nasty place – anything that’s been indexed by google or other search engines or sites is typically kept forever… yes… forever.  If something is wrong or there is derogatory information, if is YOUR responsibility to fix it, not the web site owner.  As an IT professional I’ve helped people clean up their identity, some easy, some involving lawyers, litigation and DMCA notices for removal of copyrighted information.

Identity vs Anonymity

Either way you choose, your online identity is something that is being used by marketing companies to send you junk mail (electronic and in your mailbox), private investigators to find you, old friends looking to get in contact with you, identity thieves to steal identity and even potential employers to pre-screen job applicants based upon what they see about you.

No matter what you use the internet for, be very careful about what information you give out and also what information is already available for others to see.

Read More