Dec 22, 2009 
By Joe Campana
Beware of identity thieves that are students of social engineering. They can exploit your holiday cheer or drear by duping you into becoming another victim of identity theft. The term, social engineering, may sound innocuous, but it actually refers to trickery and deception. Social engineers manipulate people into giving up valuable information, and even money by playing to human emotions.
Most often social engineering refers to turning over sensitive information such as a Social Security number, credit card number, credit card id number (CCID, CSC, CVC, etc.), account or building access code or other confidential information that can be used by the thief for identity theft, fraud, espionage, and other crimes. Victims can even be duped into handing over money directly to sinister social engineers.
Holidays are advantageous to identity thieves that practice social engineering and pickpocketing. Consumers in the holiday mood are likely to have their guard down. Consumers in a heightened emotional state can be taken advantage of more easily. Social engineering identity theft grinches can nab your identity in person, over the telephone, by mail, email and through websites including social networking sites such as Twitter and Facebook. Pickpockets may even use social engineering to engage and distract you emotionally, while another thief snatches your wallet or purse.
If it seems too good to be true, it probably is. So be cautious of offers to earn additional income over the holidays or to obtain huge discounts on gift items. With the dreary economy and many people out of work, offers for making a quick buck or saving money are attractive. Some schemes scam consumers into giving out their Social Security number in the hope of getting work. Others may steal financial account information when consumers provide payment information thinking they are covering fees associated with bogus “make money now” schemes.
Look out for too good to be true prices on products advertised over the Internet. If the sale is on a popular retailer website that you got to by clicking on a link, how can you be sure they are at the authentic website of a retailer? The website may be a spoof (a clone or lookalike site). The sole purpose of a spoof website is to snatch your financial account information when you think you placed an order with the retailer. To be sure you are at the retailer’s authentic website, search for the retailer website with your search engine, don’t trust a link in an unsolicited email or one posted on social networking website.
Do your homework before doing business or making purchases online. Search the name of the company and look for complaints, alerts and warnings. Internet advertisements that appear on legitimate websites can be dubious if not completely fraudulent. It’s always worth an extra five minutes of online research instead of making an impulse purchase that you may later regret. Research may not only save you from becoming a victim of identity theft, but you may find a better deal with a reputable retailer by doing your homework.
A recent e-Week Security Watch article lists many common e-scams such as phony charity scams, bogus social networking friend requests, holiday e-cards, super sale pitches, malware ridden Christmas carol websites, job and work from home scams, password stealing scams, e-banking attacks and others. These scams may involve phishing, pharming or malware downloads that infect your computer with not only viruses but also keylogging software that allows fraudsters to capture your keystrokes particularly when you are logging into an online financial account.
Social engineering schemes don’t just involve the Internet. They can occur by phone or by mail. Beware of telephone calls from financial institutions, credit card companies, law enforcement, government agencies and charitable organizations that ask you to provide sensitive information such as your Social Security number or financial account information over the phone. Don’t trust what you see on your caller id, because caller id’s can be faked through a practice called vishing.
Received a notice in the mail that you won the lottery? To collect the $100,000 prize, just wire $1,500 to an offshore agent to cover the taxes before cashing the $2,000 bogus advance check you received with the notice. It was a coincidence that just before a financially needy consumer and very happy prizewinner was going to wire money to the lottery agent, I asked, “Did you enter the lottery?” That was an “Ah-ha” moment, when they realized they were about to be scammed. You can’t win, if you didn’t enter!
Recently a Madison, Wisconsin woman was taken for nearly $20,000, a laptop computer and a cell phone. She met a man, an identity thief, through an online dating service. Crafty social engineers play on our strongest emotions, even love.
Whether it is a holiday, a commemorative day, a tragedy, or any day or situation when you may be vulnerable beware of social engineering.
Source: examiner.com
account information, alerts, authentic website, charity scams, Christmas, computer, confidential information, credit card number, crimes, e-scams, emotions, facebook, financial information, fraudsters, friend requests, Holiday, holiday e-cards, identity theft, identity thieves, internet, keylogging software, link, lottery, love, malware, online dating, online dating service, online research, password stealing scams, pharming, phising, phone, purchases online, reputable relailer, scammed, schemes, social engineering, social networking, social networking sites, social networking website, social security number, steal information, students, Twitter, unsolicited email, victim, viruses, warnings, websites
Subscribe via RSS
