- Share This Post
- submit
- 0
-
Sparkle (0)
Robert Siciliano Identity Theft Expert
It wasn’t long ago that most phishing emails were from a supposed
Nigerian General Matumbi Mabumboo Watumboo. And you and I were
flattered that we were the chosen ones to help the general transfer 35
million out of the country, because the Nigerian government was a bunch
of jerks and wouldn’t let him keep the inheritance his wife had
inherited from her deceased uncle Bamboo.
Phishing continues to become more sophisticated, more effective, and more prevalent. According to a recent study, a 52% increase in phishing scams occurred in July alone. Computerworld reports
that basic phishing emails successfully led to corporate bank accounts
being completely drained. Criminal hackers waited until Pennsylvania
schools administrators were on vacation, then used simple money
transfers to liquidate over $440,000 between December 29 and January 2.
Much of the phishing that occurs today is “spear phishing,” in which
the spammers concentrate on a localized target, generally an individual
with control over a company’s checkbook. This insidious type of
phishing occurs when a recipient clicks a link, either in the body of
an email or on the spoofed website linked in the email, and a download
begins. That download is almost always a virus with a remote control
component , which gives the phisher full access to the user’s data,
including user names and passwords, credit card and bank account
details, and Social Security numbers. The malicious software can attach
itself to the victim’s web browser, where it waits for the victim to
log into a bank site before launching. When the victim does log into
his or her bank account, the software sets up new payees and transfers
money to the criminal hacker.
In the school hack, the software added 42 people to its payroll
during Christmas break and quickly began paying them. The issuing bank
received 74 transfer requests during the four day period.
When consumers’ bank accounts are emptied, federal regulations limit
their liability to $50, as long as the victim reports the theft within
a set time frame. But things are a lot more complicated for
corporations and other entities. Whether or not the victim is
responsible for the missing cash varies from bank to bank.
Protect your yourself.
This is an easy fix, rule #1 – don’t click on links in an email if
you aren’t 100 percent sure of its legitimacy. Whenever I receive an
electronic statement from a bank or credit card company I always go to
my “favorites” menu or type in the address manually to get to the
entities website to check my statement. I’m only 99.9% sure its legit,
so I just take the extra step to go to my favorites.
1. Get a credit freeze.
Go online now and search “credit freeze” or “security freeze” and go to
consumersunion.org and follow the steps for the state you live in. This
is an absolutely necessary tool to secure your credit. In most cases it
prevents new accounts from being opened in your name. This makes the
SSN useless to the thief.
2. Invest in Intelius Identity Theft Protection.
While not all forms of identity theft can be prevented, you can
effectively manage your personal identifying information by knowing
what’s buzzing out there in regards to YOU.
3. Make sure your McAfee anti-virus is up to date and set to run automatically.
4. Update your web browser to the latest version. An out of date web
browser is often riddled with holes worms can crawl through.
5. Check your bank statements often, online, at least once a week.
Robert Siciliano Identity Theft Speaker discusses phishing