44.493
Issues in Criminal Justice Technology & Security
Identity theft
How is it done? (continued)
One of newest variations
is "phishing," in which you are sent what
appears to be a legitimate email that directs you to a website
where you are asked to divulge personal information such as social
security numbers or bank accounts. Phishing involves "both
social engineering and technical subterfuge to steal
consumers' personal identity data and financial account credentials.
- "Social-engineering schemes
use 'spoofed' e-mails to lead consumers to counterfeit websites
designed to trick recipients into divulging financial data such
as credit card numbers, account user names, passwords and social
security numbers. Hijacking brand names of banks, e-retailers
and credit card companies, phishers often convince recipients
to respond.
- Technical subterfuge schemes
plant crimeware onto PCs to steal credentials directly,
often using Trojan keylogger spyware. Pharming crimeware
misdirects users to fraudulent sites or proxy servers, typically
through DNS hijacking or poisoning"
Another is "DNS
poisoning," which takes over a computer and installs
range of adware and spyware. "Very sophisticated attack."
It involves: fooling domain name system servers into directing
those heading to any .com site to "a malicious Web site that
the attackers control. That Web site then surreptitiously installs
a wide range of adware and spyware on the victim's computer. Results
include:
- complete disruption of Internet
connection for anyone using the affected DNS server. That can
be an entire company in case of small firms.
- later, the company must clean
up adware and spyware.
- "an estimated 3000 DNS
servers at a range of U.S. companies, including at least two
with more than 8000 employees, were compromised over the past
month."
Still another is turning home-based
computers with always-on connections (and without current firewall
protection, etc.) into "zombies,"
which are then used to spread up to 80% of all spam. One of the
dangers to individuals is U.S. Code Title 18, which says that
anyone whose computer contains child pornography files, "regardless
of intent, has committed a felony and is subject to five years
in prison. This includes zombie victims, anyone who has had a
pop-up window with illegal content appear on-screen, and so forth."
What are techniques to combat it?
- There are some
simple steps which individuals can take to reduce their risk:
- Sign your credit cards as soon
as they arrive.
- Carry your cards separately
from your wallet, in a zippered compartment, a business card
holder, or another small pouch.
- Keep a record of your account
numbers, their expiration dates, and the phone number and address
of each company in a secure place.
- Keep an eye on your card during
the transaction, and get it back as quickly as possible.
- Void incorrect receipts.
- Destroy carbons.
- Save receipts to compare with
billing statements.
- Open bills promptly and reconcile
accounts monthly, just as you would your checking account.
- Report any questionable charges
promptly and in writing to the card issuer.
- Notify card companies in advance
of a change in address.
1 | 2 | 3 | 4
| 5 | 6