Twishing: Beware of the Latest ID Scam

This tricky combination of Phishing and Twitter Uses Common Scam Techniques to steal your identity.
By Rob Douglas, August 14, 2009 from Webopedia

Every time a new communication method becomes popular, fraudsters look for a new way to commit identity theft. One of the latest popular scams is "twishing."

Twishing is a combination of Twitter and phishing, uses the growing popularity of the microblogging service Twitter.com in an attempt to steal your identity.

Twitter, which limits users to 140-character messages broadcast to the public or directly to "followers" who have chosen to receive the updates, is one of the latest identity fraud schemes because it is growing so quickly in popularity due to the message length limitations.

Fraudsters jump on new communication methods because law enforcement is slow to respond and communications providers often will rush out new technology without thoroughly testing potential security flaws.

Security flaws enable hackers to gain access to accounts, but such thefts require some technical knowledge. It’s much easier to lure someone (the idea of fishing lures gave rise to the term "phishing") to reveal private information than to hack into their account.

The idea of luring someone to reveal private information is nothing new. Famous check scam artist Frank Abagnale, subject of the movie "Catch Me If You Can", used clothing (e.g., dressing like a pilot) to lure people to give him sensitive information. While the movie was based on facts, a fictional television program, "The Rockford Files" also featured the lead character using fake business cards and smooth talk to obtain information.

Twishing works the same way. A short public message like “see what they're saying about you on xyzblog" followed by a link can direct the unwitting Twitter user to a blog that looks like Twitter, but is actually a site operated by the fraudster, who then seeks to gain personal information. Twitter recently changed its look, which will likely deter twishing for at least a while. But fraudsters are always looking for the next scam.

This is very similar to fraudsters who misrepresent themselves as being from a large financial institution while sending out millions of official e-mails trying to trick legitimate account holders into revealing personal account information. While most of these e-mails will go to people who have no banking relationship with the financial institution, the phishing e-mail will reach some legitimate account holders. The e-mail will ask account holders to resend their account information – often with the threat of suspending the account if they don’t.

Some of the telltale signs that a phishing e-mail is a fraud are typos, poor grammar or incomplete information in the phishing message. But the message limitations of Twitter make it easy to overlook such details. Twitter users will use chat and text message abbreviations (e.g., “u" for “you") and grammatical rules are largely ignored. So the hints aren’t as obvious.

However, some of the basic steps to protect one’s identity work to protect against twishing just as they do against phishing:

Don’t provide personal information online

If a message looks suspicious, it probably is

Be cautious in opening “retweeted" items. The last sender may not be aware of the malicious nature of the message.

Tips To Beat the Scammers

Beat the scammers in 2009! If that was not among your New Year's resolutions, maybe you should think seriously about adding it. Because all the signs are that the scammers are planning a BIG year in 2009.

They know the economy is in trouble and that we're all looking for ways to save, earn extra cash or help those less fortunate than ourselves. And that's all prime territory for crooks planning to hoodwink us into parting with our money.

Plus, more people down on their luck will mean more people tempted to try their hand at scamming.

And please don't think that if you're one of the lucky few who've never been targeted for a scam that you're immune to these tricksters. Sooner or later you'll encounter them -- in your mailbox, your email inbox, on the phone or face to face.

OK, that's enough gloom. We want you to be able to celebrate 2009, so we've put together some tips to help you beat the scammers.

Tip #1. Be very skeptical -- and trust almost no one

That's right, we say trust almost no one. That's because even people we think we know, including family and friends, may have innocently been tricked into becoming part of a scam.

They may pass on investment "advice" from someone they know. Or their identity may have been stolen so what you think is coming from them -- an email for instance -- is really from someone else.

A good example of exploiting our trust is the grandparent scam, where a victim gets a phone call supposedly from a desperate grandchild asking for money.

Thousands of people have been fooled into wiring hundreds or thousands of dollars to the scammer. You can find more on the grandparents scam on our website Cyber Security for Seniors.

Another good example is identity theft. As we've previously reported, fully 50% of reported identity theft is perpetrated by relatives, friends and neighbors, or acquaintances of the victim!

That's why we encourage you to be skeptical. Always ask yourself: What if this isn't what it appears to be? What steps can I take to check it out and confirm it?

Here are the main keys to being a healthy skeptic:

Don't believe sob stories from people you don't know. The vast majority of them are untrue.

Don't believe someone is who they say they are unless they can 100% prove it.

Don't believe you've won, inherited or otherwise gained a huge sum of money from a source you didn't previously know.

Which brings us to our favorite, which we never tire of repeating: Whether it's a miracle cure, a fantastic bargain or incredible luck, if it seems too good to be true, it almost certainly is.

When you do buy, never wire money via Western Union, never deposit a check and return a portion of money sent to you which is an overpayment, and whenever possible, pay by credit card (especially one-use credit cards if they are offered by your credit card company).

More tips to come...

Are You at Risk For Identity Theft?

By
Kathryn Lively - EzineArticles.com

These days, it isn't unusual to hear stories about people who have had their identities stolen, credit ratings trashed, and reputations put at risk. The Internet, unfortunately, provides a forum for making identity theft easier and more expedient. However, there is no need to panic, for one can take measures to decrease the possibility of this happening to you. Common sense and vigilance are the keys to keeping your identity - and consequently your finances and future - safe.

Good Steps to Take to Prevent ID Theft

If you are concerned about private, sensitive information being exposed for thieves to use against you, there are things you can do to maintain your security, especially on the Web. Here are a few suggestions for keeping your ID your own.

Shred Important Documents and Receipts: Once you are finished with invoices, credit card statements and anything else that has personal or financial information, make sure it is shredded thoroughly. But watch for personal shredders, because even the craftiest white collar criminal can piece together strips. Look in your area for community shredding events, where professionals will take your paperwork and shred it with an industrial strength machine.

Be Careful When Shopping Online: Buying products and services via the Internet may be easy, but if you give credit card information over an insecure website you risk exposing that information to hackers. Look for the lock icon on your browser when you shop, and only make purchases from sites you trust. If you receive e-mail newsletters from vendors, be wary of clicking through to websites unless you have opted-in to a specific mailing. Many times scam artists disguise e-mails to look like a legitimate company advertising to you. Sometimes hovering your mouse over the links will reveal a dubious address.

Change Passwords Periodically: If you are the type to use the same password for a multitude of protected websites, consider mixing it up a little, and changing your password from time to time. Do not use a password closely associated with you - children's names, phone number, etc. - that somebody could figure out.

Give as Little Information on Yourself as Possible: Social media is a popular trend right now, with millions of people using Facebook and Twitter to connect to friends. If you feel the need to be social, don't give out too much information about yourself. Use an e-mail address with a gender neutral ID and try not to volunteer geographical information if you can.

Identity Theft Protection: A Vital Concern For Every Citizen, Rich Or Poor

Only people that live far from big cities and in places where identity thieves have as yet not extended their operation to will the need for proper identity theft protection be something that is of less than of extreme importance. The fact is that today identity theft is a huge problem that affects millions of people all around the world and particularly in the USA. Even if you are not given to purchasing goods and services online there is still no assurance that identity thieves won’t get to you.

Don’t Shop Online?

Identity theft protection is vital for even those people that never shop online or who buy from brick-and-mortar stores because recent studies have been able to prove that online activity is not a major concern as far as identity theft goes. This means that even if you have never shopped on the net; not ensuring identity theft protection will not prevent identity thieves from getting to you. It is not a question of whether you will become a victim of identity theft but more a question of when will the identity thieves get to you.

The best identity theft protection is of course to understand the modus operandi of identity thieves and then to take preventive measures to ensure that the identity thieves cannot use these methods on you. Even those innocuous looking offers that pop into your mailbox on a daily or perhaps weekly basis can be one of the ways that identity thieves will strike you down. Unfortunately, as yet the US postal service is not able to spam out fictitious mails and so they deliver whatever is posted to you into your letterbox.

Therefore, proper identity theft protection means throwing away these so-called offers without giving them another thought. However, before you throw away the offer makes sure to shred the offer so that your name and address cannot be found by those that rummage the garbage looking for just such information.

Identity theft protection is also not an activity that is relevant to only rich and wealthy people because ordinary citizens too need to be on their guard at all times. It is very sad that today you cannot throw away your garbage without needing to worry that you have not taken the appropriate identity theft protection measures such as shredding useless documents and bills and of course those good-for-nothing offers.

Vigilance is crucial to proper identity theft protection and in fact you can also make use of identity theft protection services to handle this vigilance for you. By enrolling with such service companies you can rest assured that you will be informed regarding changes to your credit reports and so be warned in time when something false shows up on these reports such as someone having made off with your identity and who then ran up bills that you will have to pay.

Advance-fee fraud

From Wikipedia, the free encyclopedia

The Nigerian 419 scam originated in the early 1980s as the oil-based Nigerian economy declined. Several unemployed university students first used this scam as a means of manipulating business visitors interested in shady deals in the Nigerian oil sector before targeting businessmen in the west, and later the wider population. Scammers in the early-to-mid 1990s targeted companies, sending scam messages via letter, fax, or Telex. The spread of email and easy access to email-harvesting software made the cost of sending scam letters through the Internet low. In the 2000s, the 419 scam has spurred imitations from other locations in Africa, Asia and Eastern Europe, and, more recently, from North America, Western Europe (mainly UK), and Australia.

The number "419" refers to the article of the Nigerian Criminal Code (part of Chapter 38: "Obtaining Property by false pretences; Cheating") dealing with fraud. The American Dialect Society has traced the term "419 fraud" back to 1992.

This scam usually begins with a letter or e-mail purportedly sent to a selected recipient but actually sent to many making an offer that will ultimately result in a large payoff for the intended victim.

The email's subject line often says something like "From the desk of Mr. [Name]", "Your assistance is needed", and so on. The details vary, but the usual story is that a person, often a government or bank employee, knows of a large amount of unclaimed money or gold which he cannot access directly, usually because he has no right to it. Such people, who may be real but impersonated people or fictitious characters played by the scammer, could include the wife or son of a deposed African or Indonesian leader or dictator who has amassed a stolen fortune, or a bank employee who knows of a terminally ill wealthy person with no relatives or a wealthy foreigner who had deposited money in the bank just before dying in a plane crash (leaving no will or known next of kin), a U.S. soldier who has stumbled upon a hidden cache of gold in Iraq, a business being audited by the government, a disgruntled worker or corrupt government official who has embezzled funds, a refugee, and similar characters.

The money could be in the form of gold bullion, gold dust, money in a bank account, so-called "blood diamonds", a series of cheques or bank drafts, and so forth. The sums involved are usually in the millions of dollars, and the investor is promised a large share, typically ten to forty percent, if they will assist the scam character in retrieving the money.

Whilst the vast majority of recipients do not respond to these emails, a very small percentage do, enough to make the fraud worthwhile as many millions of messages can be sent. Invariably sums of money which are substantial, but very much smaller than the potential profits, are said to be required in advance for bribes, fees, etc.—this is the money being stolen from the victim, who thinks he is investing to make a huge profit.

Insa Nolte, a lecturer of University of Birmingham's African Studies Department, stated that "The availability of e-mail helped to transform a local form of fraud into one of Nigeria's most important export industries."

Tax Season Alert - The 3 Big Myths That Can Make You a Victim of Identity Fraud

The continued popularity of electronic tax filing has made this annual burden incredibly simple for many taxpayers. As a result, these individuals mistakenly equate ease-of-use with safety. This assumption too often leads to the #1 most-committed crime in the world - identity theft. The opportunities for your personal information to unwittingly fall into the hands of thieves wanting to commit fraud has grown exponentially along with the explosion of online tax return submissions. Do not falsely presume that your identity is protected.

Here are the 3 biggest myths that risk your identity during tax season, as well as important security tips to avoid the time, money and hassle related to identity theft.

Myth #1: Documents, PDFs and personal information used in the creation of your tax returns are safe just sitting on your computer.

Truth: Hackers may access your computer in various ways at ANY time via viruses, Trojans and Botnets. Confidential information on PDFs is NOT safe.

· Password-protect all tax returns that you print to PDF from your tax software so that Social Insurance Numbers are secure. Permanently shred unsecured documents on your computer that contain personal information used to prepare your tax return.

· Configure all peer-to-peer file sharing programs to disable the sharing of your personal folders so identity thieves can't download your tax return.

· Install the latest updates to your operating system to prevent known Windows or Mac vulnerabilities from being exploited by hackers.

· Don't save your password in your web browser when accessing payroll services, employers, banks and other institutions that keep your personal information because it could easily be stolen.

Myth #2: It's safe to electronically transmit confidential data to an accountant, employer, or the CRA.

Truth: Your personal information is at the greatest risk when it is en route from one location to another. Hackers and thieves have the ability to eavesdrop or spy on it when it is unprotected.

· Encrypt supporting tax documents you plan to email to your accountant to prevent anyone from snooping on your network and gaining access to your financial information.
· Create strong passwords when registering to download your CRA forms, and other personal tax documents from your employer so that they are not easily guessed by strangers.

Myth #3: Paper copies of your important tax documentation are always safe since they are in your control and are not accessible to electronic hackers.

Truth: Identity thieves are incredibly creative and will attempt to access your confidential information for their own personal gain however and wherever possible, especially when you least expect it.

· When you postal mail your tax return to the CRA, send it from a secured location, like the post office or an official Canada Post collection box; do not let it sit in a box overnight as it could be stolen. For added security use certified mail.
· If making photo copies of your financial documents, make sure the photocopier does not store images of them in memory.
· Using a traditional paper shredder, destroy the printed documents used during tax preparation that you no longer need.

The government takes your tax dollars on April 30th. Do not let a thief take your identity too. Employ a multi-step approach in the prevention of identity theft that includes awareness, changes in behavior, and security tools. Doing so will secure your personal information this tax season and allow you to rest easier on May 1st and after. One final tip:

· Monitor your credit report regularly.

adapted for Canadian use originally posted at eZine Articles

ATM Skimming - What is It?

ATM skimming is a method used for stealing your identity during an ATM transaction. This method utilizes a credit card skimmer to collect, record and store your credit card number and pin number. The person "Skimming" your card can then use this information to program his own credit card with your information!

This skimming device, when placed on the ATM machine is virtually undetectable if you are not looking for it. It looks like a normal part of the ATM. And just when law enforcement agencies have gotten a handle on the technology being used by ATM skimmers, along comes a break through technology that is leaving even veteran investigators astounded. The first device discovered by an ATM user and obtained by authorities was taken to the CIA and they indicated they had not seen anything like it!

The method used included two devices. A type of skimmer placed over the card slot on the ATM accompanied by what appeared to be a speaker mounted on the ATM above the keypad. When the card was inserted, a device placed over the slot scanned the magnetic strip and the account information was sent (wireless ) to a modified cell phone hidden behind the fake speaker placed on the ATM above the keypad. A small camera concealed in the fake speaker would then record the pin number entered and stored it on a flash memory card.

The perpetrator would then steal a gift card that has not been activated and transfer the account information to the gift card via the magnetic strip thus turning it into an ATM card. This device has been credited with stealing in excess of $300,000 from peoples accounts in Pennsylvania!

In order to prevent being taken at the ATM, the obvious safeguards should be taken. Look for anything that just doesn't appear to belong, or looks out of place such as the fake speaker or a skimming device placed over the card slot. Also, when typing in your pin number, shield the keypad with your other hand in case there is a camera watching. Always check your bank statements or better still, apply for on line account monitoring with your bank so you can check instantly to see if someone has been in your account.

Article Source: http://EzineArticles.com/?expert=James_W_Albert