No announcement yet.

Social Engineering - Identity Theft

  • Filter
  • Time
  • Show
Clear All
new posts

  • Social Engineering - Identity Theft

    One of the more prominent and rapidly evolving threats is identity theft, which falls under the category of social engineering. According to the Federal Trade Commission, in the United States, identity theft is one of the most rapidly growing crimes over the last few years. You need to be extra vigilant and protect their information from this form of attack.
    Once in possession of information, an identity thief has plenty of options available to them, depending on their particular goals. Thieves have been known to run up charges on credit cards, open new accounts, get medical treatment, or secure loans under the victim's name. Once your personal information is online, it is no longer personal!

    Some signs of identity theft include
    • You see withdrawals from your bank account that you can't explain.
    • You don't get your bills or other mail.
    • Merchants refuse your checks.
    • Debt collectors call you about debts that aren't yours.
    • You find unfamiliar accounts or charges on your credit report.
    • Medical providers bill you for services you didn't use.
    • Your health plan rejects your legitimate medical claim because the records show you've reached your benefits limit.
    • A health plan won't cover you because your medical records show a condition you don't have.
    • The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer you don't work for.
    • You get notice that your information was compromised by a data breach at a company where you do business or have an account.

    As the world moves to online operators, protecting yourself from online fraud becomes vital. More and more people access their banks online, than ever before or work with other types of sensitive information. In many cases, the only thing standing between an identity thief and your money is a four-to-six-digit number or a word or combination of words. To help you access your account if you forget your password, many sites let you set up security questions based on a few predetermined facts about yourself. But anyone else who knows the answers can access the account, too. And with the proliferation of Facebook, obtaining those answers is no longer a problem.

    If you have googled yourself, you've learned firsthand what is available about you online, but you probably missed quite a bit. If you haven't already done so, try googling yourself. See what types of information are available, and note the level of detail that can be found. Note whether any of the information gives clues about your background, passwords, family, or anything else that can be used to build a picture of who you are.

    Sites that may contain personal information include
    • Spokes
    • Facebook
    • Myspace
    • LinkedIn
    • Intellius
    • Zabasearch
    • People Search
    • Shodan

    There are tools that reveal more about a target than a Google search does. Some companies mine, analyze, and sell this data for a few dollars without regard to who may be requesting the information or how it may end up being used. By combining information from multiple sources using social engineering and footprinting techniques, you can paint a pretty good picture of an individual, up to and including where they live.
    Certified Security Geek