By Joe Campana

Beware of identity thieves that are students of social engineering. They can exploit your holiday cheer or drear by duping you into becoming another victim of identity theft. The term, social engineering, may sound innocuous, but it actually refers to trickery and deception. Social engineers manipulate people into giving up valuable information, and even money by playing to human emotions.

Most often social engineering refers to turning over sensitive information such as a Social Security number, credit card number, credit card id number (CCID, CSC, CVC, etc.), account or building access code or other confidential information that can be used by the thief for identity theft, fraud, espionage, and other crimes. Victims can even be duped into handing over money directly to sinister social engineers.

Holidays are advantageous to identity thieves that practice social engineering and pickpocketing. Consumers in the holiday mood are likely to have their guard down. Consumers in a heightened emotional state can be taken advantage of more easily. Social engineering identity theft grinches can nab your identity in person, over the telephone, by mail, email and through websites including social networking sites such as Twitter and Facebook. Pickpockets may even use social engineering to engage and distract you emotionally, while another thief snatches your wallet or purse.

If it seems too good to be true, it probably is. So be cautious of offers to earn additional income over the holidays or to obtain huge discounts on gift items. With the dreary economy and many people out of work, offers for making a quick buck or saving money are attractive. Some schemes scam consumers into giving out their Social Security number in the hope of getting work. Others may steal financial account information when consumers provide payment information thinking they are covering fees associated with bogus “make money now” schemes.

Look out for too good to be true prices on products advertised over the Internet. If the sale is on a popular retailer website that you got to by clicking on a link, how can you be sure they are at the authentic website of a retailer? The website may be a spoof (a clone or lookalike site). The sole purpose of a spoof website is to snatch your financial account information when you think you placed an order with the retailer. To be sure you are at the retailer’s authentic website, search for the retailer website with your search engine, don’t trust a link in an unsolicited email or one posted on social networking website.

Do your homework before doing business or making purchases online. Search the name of the company and look for complaints, alerts and warnings. Internet advertisements that appear on legitimate websites can be dubious if not completely fraudulent. It’s always worth an extra five minutes of online research instead of making an impulse purchase that you may later regret.  Research may not only save you from becoming a victim of identity theft, but you may find a better deal with a reputable retailer by doing your homework.

A recent e-Week Security Watch article lists many common e-scams such as phony charity scams, bogus social networking friend requests, holiday e-cards, super sale pitches, malware ridden Christmas carol websites, job and work from home scams, password stealing scams, e-banking attacks and others. These scams may involve phishing, pharming or malware downloads that infect your computer with not only viruses but also keylogging software that allows fraudsters to capture your keystrokes particularly when you are logging into an online financial account.

Social engineering schemes don’t just involve the Internet. They can occur by phone or by mail. Beware of telephone calls from financial institutions, credit card companies, law enforcement, government agencies and charitable organizations that ask you to provide sensitive information such as your Social Security number or financial account information over the phone. Don’t trust what you see on your caller id, because caller id’s can be faked through a practice called vishing.

Received a notice in the mail that you won the lottery? To collect the $100,000 prize, just wire $1,500 to an offshore agent to cover the taxes before cashing the $2,000 bogus advance check you received with the notice. It was a coincidence that just before a financially needy consumer and very happy prizewinner was going to wire money to the lottery agent, I asked, “Did you enter the lottery?”  That was an “Ah-ha” moment, when they realized they were about to be scammed. You can’t win, if you didn’t enter!

Recently a Madison, Wisconsin woman was taken for nearly $20,000, a laptop computer and a cell phone.  She met a man, an identity thief, through an online dating service. Crafty social engineers play on our strongest emotions, even love.

Whether it is a holiday, a commemorative day, a tragedy, or any day or situation when you may be vulnerable beware of social engineering.

Source: examiner.com

With the economy downturn this year, merchants have more ads and sales to entice people to get out and shop this holiday season. Whether you are shopping in the store or online, be sure to use the following tips to be safe.

Black Friday
Starting the Friday after Thanksgiving, malls, large retailers like Target and Best Buy, and grocery stores are more crowded than usual with shoppers – and thieves. Security in most places have been increased for the holiday season, but if you are out and about, ensure your safety with these tips from the National Crime Prevention Council:

Keep careful track of your bags and packages. Do not carry more than you can handle. Make frequent trips to your car to unload, and put the bags in the trunk or in a hidden place in your car. If you purchase a large or expensive item, it may be well worth it to drive the purchase home and return to the store for more shopping, instead of risking a break-in.

If you see unattended bags or packages, do not try to take the package back to the retailer on the bag or find the owner. Tell a security guard or store employee, and they will secure the package.

Check your receipts for accurate information. Your full credit card number should not appear on the receipt, but if it does, put the receipt in a safe place so you don’t accidently drop it while shopping. Someone could pick this up and use the information to make unauthorized purchases.

If you shop with children, have a plan in case you are separated. Have a central meeting place, and review with your children who is a safe person to approach, such as a mall security guard. Ensure that each child knows your cell phone number – you may want to print a card with emergency information and put it in your child’s coat or pants pocket.

Guard your money. Take only as much cash as you think you will need, and only take one or two credit cards. Keep your wallet close to you, and not in a large purse that you have to shuffle through every time you make a purchase. Keeping your wallet under your sweater, instead of in a coat pocket, can prevent pick-pocketing.

When getting cash from the ATM or using your debit card at the counter, be sure to guard your PIN number. Stand close to the keypad to block anyone who may be looking over your shoulder.

Be aware of your surroundings and do not walk in abandoned areas alone. Park under a light if possible, and walk in a well lit part of the parking lot if you are shopping after dark.

Cyber Monday
SafeShopping.org is an informational site created by the American Bar Association to help you order safely while shopping online. They offer these tips to prevent identity theft and shopping mishaps:

You can tell the internet connection is secure when there is a picture of an unbroken key or closed lock in your browser window. Either icon indicates that the merchant site is secure and your sensitive information, such as your credit card number, cannot be read by anyone else but the retailer. Make sure that the web address that asks for personal information starts with “https” instead of “http”. Some websites may use a pop up box that indicates a secure area or uses the term “Secure Sockets Layer” (SSL).

The safest way to pay online is by credit card. If your information is stolen and you have an unauthorized charge on your credit card, under federal law your liability is limited to $50. If you do have an unauthorized charge, you should give written notice to both the merchant and the credit card company within 60 days.

Unless you are sure of the address, do not send personal information via email. Email does not offer the same protection as these secure websites. Identity thieves can make up emails that look like secure websites, so if you receive an inquiry for personal information from someone you do not recognize, do not send personal information.

If you are more comfortable giving information over the phone rather than the web, most merchants offer this option. Be sure you record the phone number, company name, date and time of your call, and the name of the person who recorded your credit card number.

If you use a password for orders, make it different than the one you use to log into your computer or network. You may even want to create a special, stronger password that is harder for hackers to crack for web purchases. Do not use birthdates, addresses, phone numbers, recognizable words, or children’s names as passwords, as these are too easy to figure out.

To avoid computer viruses, do not open an attached file that ends in “.exe” as they could activate a computer virus and damage the information stored on your computer. Use a reliable anti-virus software program as well.

Web retailers are not yet required by law to maintain the privacy of people who order from their sites, so they may collect names, addresses, and other information and use these for marketing, or they may sell the information to other merchants and telemarketers. Check to see that the site you are ordering from has a privacy policy that ensures your name does not get sold for spam.

Source: emaxhealth.com