security — October 16, 2012

Don't Go On That Phishing Trip - You Might Get Hooked! Part 1

by Bob Williams

Part 1 - A Very Dangerous Landscape

identity theftSome of us remember when a firm handshake and a look square in the eye were all that was needed to close a deal. A person's word was their bond. Nowadays, of course, it's a little more complex than that. Account numbers, logins, passwords, PIN numbers and even "secret" questions -- it's all designed to keep our personal information, well … personal. But does it, really?

For every encryption method, there are a thousand faceless hackers and criminals out there, looking for a way to crack it and steal your financial information. And to make matters worse, technology has now forced us to doubt one of our most basic assumptions - that we can prove we are who we say we are.

I'm talkin' identity theft here

Most of us over 50 can remember a time when the term "identity theft" usually meant some kid lifted your ID to buy beer. But fast-forward past Ward and June Cleaver, past Vietnam, past the Beatles, past the Space Shuttle, even past 9/11.  This is now. In our world, your identity -- all the numbers and codes that are normally used to prove who you are -- can be bought and sold as a commodity among the underworld organizations of the world. To them, you aren't a person … you're a resource. They're just harvesting what's out there. And it's easier to get than you think.

Danger lurks half a world away

Chances are, the wiseguys who are trying to weasel their way into your wallet aren't even in this hemisphere. One of the biggest criminal organizations currently known to be engaged in active identity theft is based in Russia. It's called (how's this for irony) The Russian Business Network or RBN **(see note below). RBN does have legitimate internet-based businesses, but it also is known to be responsible for wholesale identity theft from consumers worldwide. That stolen information is then auctioned off to criminals across the globe. What it doesn't steal for itself, RBN allows its customers to steal.

It leases network space to criminal websites (such as fake antivirus software vendors) designed to scare consumers into buying their product -- which turns out to be bogus.

So how can these "entrepreneurs" get your most prized data? It can be as simple as picking up a discarded receipt or as ingenious as a fake message from your bank.

Local crooks can pick through your trash to get a document with an account number, your Social Security Number or credit card information. They might even be able to monitor wireless computer transmissions and pull your account information off the non-encrypted network. (This is why we never recommend performing financial transactions on "open" or unencrypted wireless
networks.)

Big phish, big payoff

But for the really big score, the bad guys don't target you; they go after the folks who have lots of data -- YOUR data. In 2008, for example, the Russian Mafia targeted a major American hotel chain, hacking into their European computer network and stealing credit card details and other information for some 8 million customers across the continent. On this side of the pond, ChoicePoint, a firm that specializes in warehousing data on millions of American consumers, was swindled in 2005 out of 140,000 identities by Nigerians posing as legitimate businessmen. ChoicePoint offers detailed demographic and financial information on people for use in pre-market studies and by trend researchers. Industry officials admit a similar theft of identities occurred at another data warehouse operation as early as 2003.

But don't dig yourself a hole and crawl in just yet. There are concrete steps you can take to avoid identity theft. We'll talk about those -- and what to do if your information is stolen -- in our next post.

** Internet security verification firm VeriSign has described RBN as "the baddest of the bad."  VeriSign calls RBN, which was registered as an Internet site in 2006, "an underground network involved in online criminal activities such as spam, phishing, and bots."

Sign up for more of this.

Subscribe to our blog for year–round finance strategies and tax tips. We’re here to remove the dread from filing taxes.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Please complete the reCaptcha.

It’s not too good to be true. See what others are saying.