Beware the latest identity theft racket...
Over the past couple of days my faith in the Internet community has been sorely tested. My trial – and that of many people I know – began when an unscrupulous hacker gained access to my personal Yahoo email account. They proceeded to spam every contact in the account with every manner of undesirable product. To those who suffered the inconvenience of an unsolicited email from someone masquerading as me, my most humble apologies. What troubles me about the incident is how my account was compromised in the first place. Yahoo adopts the standard “you must have compromised your account by ‘sharing’ your password with someone defence.” But that’s extremely unlikely.
I very rarely use the service – which I signed up for during a stint abroad in 1999 – and have probably only logged in three or four times this year. A more likely explanation is that a computer hacker gained access to lists of Yahoo dormant (or near dormant) accounts and cracked the encrypted passwords before using some or other mailing software to generate spam to all of my contacts… The lesson from this experience is to actively manage the subscriptions and services you have signed up to online. Log in frequently and keep an eye on the activity in your account – and change your passwords from time to time. If you have no intention of using the service again, it makes sense to close it down for good rather than leave it active and open to possible abuse!
Internet fraud is on the rise
My second hiccup involved my bank account. I’ve written so many times about the risk of identity theft – and the subsequent use of this information to transact illegally on the victims’ bank account – that I’m fairly paranoid about any of my banking transactions. And it so happens that I had cause for concern after a recent visit to my branch. (For the record – I rarely enter the realm of “real world” banking). During this visit one of the helpful bank staff swiped my card to produce a 90-day statement… But the very next day, when trying to draw cash at the ATM, this card wasn’t working anymore.
The alarm bells started ringing. Was I the victim of a bank fraud? Had this friendly bank staffer somehow “shoulder surfed” my pin code, cleaned out my account and then blocked my card so that I would not pick it up? This was a rather paranoid conclusion – but then there’s so much in the news one never knows! Thankfully my concerns proved unfounded. But the hysteria forced me to rethink my bank account security and I immediately changed and updated my bank account logon, pin and passwords, just in case.
And the perpetrators are getting cleverer
Criminals trying to get their hands on your personal information, including Internet banking logon details, are getting more innovative by the day. I’ve previously written about the threat posed by “phishing” – where tech-savvy fraudsters set up replicas of your bank account and then lure you to these sites with convincing emails. They even have clever techniques to “steal” the once-off secure pass codes that your bank sends to your mobile phone. Bottom line: If you fall for this type of scam the fraudster begins clearing out your bank account within minutes.
There are at least three other “phishing” scams that are popular right now. One of these is the unsolicited email job offer – which offers a fantastic job and pay – and requires you to provide all of your personal information upfront… If you are unsure of the source of an advertised job I would certainly advocate making a few calls before sending off your comprehensive CV... The second tactic involves fraudsters masquerading as loan providers who offer market-beating interest rates with an “anyone qualifies” promise. Once again – this “offer” arrives in your inbox unannounced and unsolicited – and requires name, surname, contact address, cell number, email, occupation and monthly salary… I’m pretty confident that anyone who responds to these emails will be lured into parting with an admin fee for the loan to be processed – and that’s the best case! And of course, there’s our all time favourite “you have won the Microsoft (or other famous company) Lottery” scam. The dead giveaway in this case is that those who enter a lottery seldom win the lottery – while those who don’t enter, never win!
So clever, they’ll get you to help with the fraud
Enter the granddaddy of all scams – the telephone and Internet combo. While trawling one of the Google groups I am a member of I stumbled across the following ruse… A user related how she had received a phone call from a person with a foreign access who wanted to “assist” with fixing a computer problem… What? Out of the blue someone you don’t know phones in to help you with a problem you haven’t reported! I’m guessing 99.9% of people who receive this call will simply hang up… But those who don’t are in for a nasty shock.
These con artists will talk the unsuspecting computer user into installing remote access software on their computer. And once they have this access your computer becomes their domain. Using this access they can install key-logging software and quickly obtain all the information they might need to clean out your bank account!
Editor’s thoughts: No matter how careful we are with our personal information there is always the possibility of our security being compromised. Our best defence against such violation is to remain vigilant, and to treat any requests for personal information with healthy suspicion. Have you been a victim of Internet fraud or another form of identity theft? I am interested to learn from (and perhaps share) some of your experiences, so please send in confidence to [email protected]
Comments