eMazzanti Technologies

Beware This Latest Threat to Your Personal Identity!

It is really too bad, but the reality today is that we can’t be too trusting any more. It seems like there is some criminal around every corner ready to dupe us into giving up personal information and then stealing us blind. The only solution is to be vigilant, and sadly, a little paranoid.

The latest of the schemes already has a name. It is called “vishing.” If that doesn’t sound descriptive, don’t worry, it will make sense soon. Many of you may remember hearing of a technique called “phishing”, a play on words that basically names a social engineering technique used to steal your identity, or at least parts of it. The phishing technique relied on an email sent to you, apparently from a trusted source, such as Microsoft, eBay, or a major bank, asking you to follow a web link to “reactivate” or “update” your account. The email, link, and everything was cleverly disguised to look very legitimate. However, the link, of course, led to a site that happily collected your personal information directly into a criminal’s database for later sale on the black market. The term “phishing” then was coined as a nomenclature for the practice of fishing for credit cards, social security numbers, bank account numbers, and the like.

The newer technique continues the older theme, but takes advantage of Voice over Internet Protocol, or VoIP telephone technology; hence the term “vishing.” This is a clever one, and honestly, to me even scarier. Consider the following scenario: You receive a voicemail or text message on your cell phone from a “national bank”, coincidentally, the very “national bank” that you use. The message informs you that your account is on hold because of some suspected fraud activity and urges you to immediately call a certain toll-free number to clear up the situation. When you call the number, you are greeted by a very professional-sounding menu system from “national bank” with message prompts that instruct you to enter your social security number, account number, credit card number, expiration date, and security code from the back of the card, or some combination of the above. Thinking you have just averted a disaster, you hang up the phone. Meanwhile, somewhere in Eastern Europe, counterfeit credit cards are being printed with your name and card number and being sold on the Internet. Your identity has just been stolen.

With current VoIP technology, it is very easy and inexpensive for a criminal to set up a toll free number, and a computer system to take the calls and accept the data entered directly into a database. Other variations on this technique involve emailing you a message that asks you to call a number or sending you a text message to call the number. With each technique, the costs are low, the results are good, and the whole process is very difficult for authorities to track.

Don’t let it happen to you. This message is not meant to be fear-mongering, but we do want to get your attention. Dan Larkin, chief of the FBI’s Cyber Initiative and Resource Fusion Unit recommends greeting a phone call or e-mail seeking personal information with a healthy dose of skepticism. The bottom line is this, if you get a text message, email, or voicemail requesting you to give out personal information, do not do it. No legitimate organization is going to ask you for personal information in such a way.

More resources: If you feel you have been victim of a fraud, immediately report it to the Internet Crime Complaint Center at http://www.ic3.gov/. If you are concerned about the security of your corporate knowledge, or your employees’ personal information, give eMazzanti Technologies a call. We won’t ask for your social security number!