Identity theft online

[mini_0]

The easiest way for identity thieves to steal your identity online is by getting hold of your passwords. In order to safeguard your identity, password protection online is essential. If you want to keep thieves away from your identity, password protection must be a part of your online security measures. Failing to keep your passwords safe is like handing the keys of your house to a thief.

[x-man]

Right you are mini_o! Keep your passwords unique and use something that can be easily remembered. Re-use password if necessary especially if you have multiple accounts. Maintaining too many passwords is a headache. Make a list of all your passwords and put it in a safe and secure place. You will never know when you need them!

[Thesa]

People become victims of these “phishing scams” as they “lack the knowledge, get deceived by looks and do not pay attention to clues that can expose the scam”.

1) Security Signs

A secure web page means that it is secure and legal too. The signs that show whether a page is legal or not is a follows:

a) Whenever, we go to any site and require to give personal information like username, passwords in case of the login page of emails, banks, paypal, shopping carts etc., these pages need to be secure. The way to recognize a secure page is vi its URL i.e. the homepage (just giving an example) might say http://www.xx.com, while the login page might say “https://login.xxx.com. If we see carefully, we shall notice the difference – http:.// and https:// in such one letter “s”!.

The “s” means the connection is over SSL (Secure Socket Layer) which in turn means that the page has established a secure connection and shall encrypt all the information you enter on this page. So, whenever you are required to give any important information, check out the url.

b) Moreover, besides the above, there shall be a picture of a closed lock (the padlock), at the lower right corner on the status bar, which upon clicking gives full details of the digital certificate which is a sign of a secure and trustworthy site.

Digital certificate should be from an established certificate authority like VeriSign, Thawte, GeoTrust, Entrust.net etc.

2) URL wording:

Now-a-days, by looking at the web design, you can not make out whether it a real or a fake one. The people who do these things, clone sites to the last detail and thus creating a look of the “original web site”.

This has conned many net users millions to the email scams that had links to fake sites that looked almost 100% original. The best way here is to be on the safe guard, either be 100% sure that it is a genuine email or just leave it. The above can be spotted via their domain names.

[Thesa]

The ways to spot the scams have been detailed as below:

a) Since, no two domain names can be the same, so these Phishers shall purchase domain names that closely resemble the original. Take the following examples, where the first URL is the original and the second one is the fake (examples only): http://www.xxx.com, http://www.xxxx.com (here just 1 extra ‘x’ made the difference) or the http://www.papy.com, http://www.popy.com (here the ‘o’ made the difference). Thus, you should pay close attention the spelling of the domain names.

b) If you get some notification about some free gifts or offers or anything, and a link has been provided. Instead of clicking on that link, it is better to go directly to the web site and check out whether the notification was not a fraud.

c) Many a times, links that do not show any domain names but just an IP address which consists of numbers only like 102.199.60.250, are not to be trusted.

d) Emails from banks, paypal etc generally have some personal user information like username, partial account number. So, if any emails that is supposed to have come from them but not having any of the above details is not to be trusted.

e) Be careful while testing sites or typing information in any unknown sites, as there are software like the “keylogger” (a malicious software that records everything you type which is then passed on to the fraudsters).

f) Some government sites like the FBI sites have a list of the latest scams reported. So, be informed by having a look there.

[David Tan]

I don't seem to receive much scam emails this year. Perhaps web surfers are maturing. Those that got scammed either wisen up or stop using the internet. It's getting normal to utilize anti-spyware and anti-virus softwares. Microsoft also provides free security updates and software for original Windows. Even new users these days start of with better security.

[Thesa]

Quote:

Originally Posted by David Tan

I don't seem to receive much scam emails this year. Perhaps web surfers are maturing. Those that got scammed either wisen up or stop using the internet. It's getting normal to utilize anti-spyware and anti-virus softwares. Microsoft also provides free security updates and software for original Windows. Even new users these days start of with better security.

It may look like that, but scamsters and frauds have found out new ways to get the personal information as follows:

(A) Phone Phishing

"Email Phishing" as seen above, is a common scam method. Now, scamsters have started to use mobiles to get information from the unsuspecting cell users.

They pretend to be from some banks and need to cross check as to whether you are the person they are talking to.

There was a piece of news of phone scam as follows:

Quote:

Some people had impersonated as U.S. Court employees and were contacting citizens advising them that they have been selected for jury duty. They asked the unsuspecting users to verify names, Social Security numbers, and ask for credit card information and resorted to threats of fines if refused the information. FBI had issued a warning against such calls and to report them immediately.

Now, the latest thing in phone phishing scams is the use of VoIP (Voice over Internet Protocol). The following incident explains this:

Quote:

The unsuspecting users got conned by these Voice mails to believe that their bank accounts were frozen and they were required to contact a provided number. On contacting the number, a friendly message prompted them to enter their PIN number and bank account information.

All this information was being collected by the fraudsters. This was possible through the use automated scripts to initiate the VoIP calls and a spoof caller ID so they appeared to look legitimate.

(B) Social Networks

Places like MySpace have been hijacked as explained below:

Quote:

Users are receiving bulletins titled, "Check out these old school pictures...". On clicking the link, they were directed to a site that looked similar to a MySpace login screen.

Then, "Malware (spyware)" is installed on their computer, capturing login information to test their other accounts

So, remember, whenever law thinks of ways to catch criminals, the criminals are also thinking of ways to out do the laws. Unfortunately, criminals are generally faster as crime is their living!

[kamaluppal]

Thesa, you have given a lot of useful information. Yes, now identity theft is becoming a serious issue, people have managed to find ways to get credi card numbers via net. Also, people are finding false transactions in their accounts.

As technology progresses to make life easier, it also throws up more sophisticated ways for criminal minds to get away or fool the law.