The Identity Theft Enforcement and Restitution Act of 2008 has been approved by both houses of US legislature and now goes before thepresident to be signed into law. The bill clarifies what constitutesidentity and information theft and increases the penalties for thosefound guilty. The act does away with the minimum level of damagesrequired for charges to be filed against information thieves. Inaddition, victims of identity theft would have the right to sue theculprits for restitution.
http://www.vnunet.com/vnunet/news/2226560/identity-theft-bill-set
http://www.eweek.com/c/a/Security/Congress-Approves-Computer-Fraud-Bill/
Showing posts with label Identity Theft. Show all posts
Showing posts with label Identity Theft. Show all posts
Thursday, September 25, 2008
Friday, July 11, 2008
The Continuing Threat: Identity Theft
Identity Theft is a continuing threat that has brought great inconveniences and expenses to many victims. Dept of Justice stated Identify Theft is the fastest growing white collared crime in recent the past five years.
The accessibility of the internet has given identity thieves access to a wealth of personal information. Online brokers gather data such as social security numbers, driving records and employment information from publicly available records, customer provided forms and credit card applications.
Identity thieves purchase reports with stolen credit cards and use the information to obtain phony documents and credit cards.
Furthermore, social engineering, malware infections and dumpster diving has all led to the growing issues of identity theft.
Monday, June 9, 2008
Phishing Overview in the United States
In United States, phishing is becoming one of the fastest evolving classes of identity theft scams on the Internet, causing both short-term losses and long-term economic damage. In a phishing scam, the identity thief poses as a legitimate person from a reputable company to try to entice people to visit bogus Web sites, where they are asked to reveal important personal information, such as credit card data. Although most phishing attacks target the financial industry, a growing number of phishing incidents target other sectors, such as retailers, online game operators and Internet Service Providers.
In 2003 and 2004, several financial institutions like the Bank of America, Bank One, Citizens Bank, U.S. Bank, SunTrust, MBNA, Wells Fargo and Visa were the victims of phishing attacks. Today, national banks are not the only targets of phishing. Many of the phishing attacks in United States now target regional banks and credit unions. A total of 42 local banks across 23 states in United States were spoofed in phishing attacks between June and September 2006
What is "Phishing"?
Phishing is a form of activity in which phishers try to obtain personal information, such as credit card details, consumer e-mail passwords or bank account passwords by pretending to originate from a reliable and valid source. Phishing is used by identity thieves by using a variety of entrapping methods to ferret out the personal information of innocent Internet users.
When an e-mail is received which appears to come from a consumer's bank and asks to log in onto the consumer"s banking account to keep the account active, it is known as technically- engineered phishing. These attempts to gain a consumer's personal and confidential information are known as phishing attacks.
What is Spear Phishing?
Spear phishing is a method in which e-mails appearing to be authentic are sent to all employees or members of a particular company, government agency, organization or group. The message will look as though it is coming from an employer or from a colleague of that company who has sent the e-mail to obtain login information. Spear phishing scams endeavor to procure access to a company's whole computer system.
What is Vishing?
Obtaining credit card information illegally, using VoIP (Voice over Internet Protocol) phone calls is known as vishing. Vishers benefit from the inexpensive anonymous Internet calling available through VoIP services, which also permit the offender to use simple software programs to set up a professional- sounding automatic customer service line. Furthermore, unlike most phishing attacks, which purport to be from a genuine organization, would not normally use e-mail to ask for personal information from accountholders, vishing, in fact, imitates an emblematic bank protocol in which banks encourage clients to call and confirm information.
Phishing activity is rising rapidly in United States. One reason is that there is a high rate of broadband Internet usage in the United States. This provides a fertile ground for botnet-hijacked computers. Many of the phishing attacks are hosted in a compromised computer that is a part of a botnet. Typically, in the United States, phishers prefer to begin their attacks in the morning so that victims will receive the e-mail, when they first check their inbox. Another rationale for this tactic is that if an attack is hosted in the U.S and is launched in the early hours of the morning within a U.S time zone, it is not easy to reach the Internet Service Provider.
Conclusion:
Over the past six months, Internet users in the United States have received numerous e-mail attacks The financial services sector continues to remain the most common targeted industry sector for phishing attacks. Generally, an ordinary phishing attack can cost a financial institution $50 and $60 per account negotiated, or a total of approximately $50,000 for each attack. Phishing poses a serious threat, since the methods of attack are continuously evolving and because phishers are often difficult to track and apprehend.
In 2003 and 2004, several financial institutions like the Bank of America, Bank One, Citizens Bank, U.S. Bank, SunTrust, MBNA, Wells Fargo and Visa were the victims of phishing attacks. Today, national banks are not the only targets of phishing. Many of the phishing attacks in United States now target regional banks and credit unions. A total of 42 local banks across 23 states in United States were spoofed in phishing attacks between June and September 2006
What is "Phishing"?
Phishing is a form of activity in which phishers try to obtain personal information, such as credit card details, consumer e-mail passwords or bank account passwords by pretending to originate from a reliable and valid source. Phishing is used by identity thieves by using a variety of entrapping methods to ferret out the personal information of innocent Internet users.
When an e-mail is received which appears to come from a consumer's bank and asks to log in onto the consumer"s banking account to keep the account active, it is known as technically- engineered phishing. These attempts to gain a consumer's personal and confidential information are known as phishing attacks.
What is Spear Phishing?
Spear phishing is a method in which e-mails appearing to be authentic are sent to all employees or members of a particular company, government agency, organization or group. The message will look as though it is coming from an employer or from a colleague of that company who has sent the e-mail to obtain login information. Spear phishing scams endeavor to procure access to a company's whole computer system.
What is Vishing?
Obtaining credit card information illegally, using VoIP (Voice over Internet Protocol) phone calls is known as vishing. Vishers benefit from the inexpensive anonymous Internet calling available through VoIP services, which also permit the offender to use simple software programs to set up a professional- sounding automatic customer service line. Furthermore, unlike most phishing attacks, which purport to be from a genuine organization, would not normally use e-mail to ask for personal information from accountholders, vishing, in fact, imitates an emblematic bank protocol in which banks encourage clients to call and confirm information.
Phishing activity is rising rapidly in United States. One reason is that there is a high rate of broadband Internet usage in the United States. This provides a fertile ground for botnet-hijacked computers. Many of the phishing attacks are hosted in a compromised computer that is a part of a botnet. Typically, in the United States, phishers prefer to begin their attacks in the morning so that victims will receive the e-mail, when they first check their inbox. Another rationale for this tactic is that if an attack is hosted in the U.S and is launched in the early hours of the morning within a U.S time zone, it is not easy to reach the Internet Service Provider.
Conclusion:
Over the past six months, Internet users in the United States have received numerous e-mail attacks The financial services sector continues to remain the most common targeted industry sector for phishing attacks. Generally, an ordinary phishing attack can cost a financial institution $50 and $60 per account negotiated, or a total of approximately $50,000 for each attack. Phishing poses a serious threat, since the methods of attack are continuously evolving and because phishers are often difficult to track and apprehend.
Wednesday, January 30, 2008
File Sharing Applications: Another way to be a victim of identity theft
File Sharing Applications: Another way to be a victim of identity theft
If you are using a peer-to-peer file sharing program to download music and videos, you may be a prime candidate for Identity Theft. Applications such as Limewire, Edonkey and numerous others on the Internet may also allow individuals to download personal documents from your computer at will. The issue stems from the sharing of the “My Documents” folder as the default folder for sharing media. Most users and file sharing applications will select the “My Documents” folder because that is where most of the media files are located. But think about it... what else do you have in the “My Documents” folder? Family Pictures, Personal Documents and etc...
To date, I have read and heard of individuals accessing mortgage applications, loan paper work and even 1040 tax information with the social security numbers of a whole family.
My recommendation if you do insist on using a file sharing program is to create a folder where the sharing can take place such as “Shared Documents” and do not place any personal information in that folder.
If you are using a peer-to-peer file sharing program to download music and videos, you may be a prime candidate for Identity Theft. Applications such as Limewire, Edonkey and numerous others on the Internet may also allow individuals to download personal documents from your computer at will. The issue stems from the sharing of the “My Documents” folder as the default folder for sharing media. Most users and file sharing applications will select the “My Documents” folder because that is where most of the media files are located. But think about it... what else do you have in the “My Documents” folder? Family Pictures, Personal Documents and etc...To date, I have read and heard of individuals accessing mortgage applications, loan paper work and even 1040 tax information with the social security numbers of a whole family.
My recommendation if you do insist on using a file sharing program is to create a folder where the sharing can take place such as “Shared Documents” and do not place any personal information in that folder.
Subscribe to:
Posts (Atom)
Posts
