July 2007
"You're Worried About ID Theft...What are You Doing About it?"
You've heard about identity theft, you've read about it, and you know it can cause more trouble than any other type of theft. You've read "tips" on how to avoid it, but . . . can you say with a clear conscience that you've done your best to build a solid wall against it? If you're like most people, probably not.
Here are just some of the things you need to know:
First, be very wary of "free credit report" offers as they can hide scams, frauds, or charges you weren't expecting. The kicker is that some of these scams could be operated by even reputable companies. Keep an eye out. The scam can take a number of forms:
1. The company offering the free credit report has no intention of providing one, and just wants your money, social security number or both.
2. You end up getting very little for the initial payment, and have to pay an additional charge for the full report.
3. The company quietly signs you up for other services, such as long-term credit monitoring, either by not disclosing that you're being signed up, or by hiding that crucial fact deep in the Terms and Conditions of the free service.
The third scam is particularly controversial because one of the biggest offenders is a reputable credit reporting agency, so be wary.
Secondly, by now you've most likely received at least one "phishing" e-mail that claims to be from a bank or other well-known company, requesting that you update your account for security reasons. Many people get about one a week and probably the most ominous aspect of this scam is how much more professional and convincing these bogus emails have become.
Phishing is a new kind of email-based attack and done right it can be a very effective way to trick thousands of users in revealing confidential information that can then be used to steal their identities. Phishing attacks usually start as an e-mail from what appears to be a legitimate and well-known company, often a bank.
The e-mail usually says something like the company is confirming or re-verifying account information and in order to do so requires you to re-enter the information to keep your account up-to-date. The e-mail often includes a veiled threat. For example, if you don't respond immediately, your account will be closed in 24 hours.
The e-mail will then usually have a link to a bogus web site or may even have a HTML form built into it, so you can enter your information without even visiting a web site. According to a study by research firm Gartner Group, nearly 57 million U.S. Internet users receive phishing e-mails each year, and as many as 1.8 million users may have fallen for the scam and divulged personal information.
Inc.'s Citibank unit, eBay Inc. and its PayPal unit were the three organizations targeted most often by phishing scams, according to the Anti-Phishing Working Group. These kinds of attack are also known as "brand spoofing" where the e-mail and the web site look almost identical to the web sites of well-known brands, and spoofed brands have included companies like Bank of America, eBay, CitiBank and PayPal.
They can also use convincing bogus e-mails to attract users to a "loaded" web site. "Loaded" means that the web site is not only a fake site that's trying to trick users into revealing some confidential information like a credit card number, but the link to the web site is also infected with a worm or virus that adds some extra punch, and helps to spread the infected Phish mail to thousands of other users. Security experts call these "blended attacks," where two or more attacks are blended together for maximum impact.
Of course, when the first phishing expeditions appeared they were very easy to spot. For one thing the e-mails were crude, and the spelling and grammar were usually less than impressive. But today the e-mails and web sites are much more sophisticated, using plenty of impressive graphics, logos, and marketing language you'd expect from a professional company. And unfortunately that's going to make these attacks increasingly hard to detect.
What we have learned from these kinds of attacks is that identity thieves are constantly adjusting and improving their attacks, and always with the focus on getting into our comfort zone where we trust the party sending us the email because we think we know them. In order to actively protect yourself from identity, theft you need to be proactive. Read Neal O'Farrel's articles at http://www.mysecurityplan.com/ and follow through on the action steps. Be careful, and never share your information with anyone unless you're absolutely sure it's safe.
For more information on Great Basin Federal Credit Union's mortgage program, contact our Mortgage Loan Officer, Cindy Kendall at 775.789.3117 or via email at cindyk@greatbasin.org.
