Techniques Used By Identity Thieves

For every task that technology helps consumers do, make purchases, pay bills, stay in touch with friends and family, it also eases the way for identity thieves to steal personal data.

With computers and the Internet creating an open channel between them and potential harm, consumers should stay alert and keep their security systems up to date, particularly as the bandits get increasingly devious. Ultimately, its you the consumer using a little technology and a lot of common sense who must provide the first line of defense against identity theft.

Watching your wallet is one thing. Technology widens the playing field, allowing thieves to take multiple pieces of information, undetected, from a large number of people in a short time Aadhar Card Download.
With online shopping, thieves can spend a lot of someone elses money quickly for airplane tickets, major appliances or jewelry without taking the time to drive from store to store. The Internet also provides a venue to sell stolen personal data.

Criminals have realized the potential for profit.

Online identity thieves mostly use two tactics : phishing and spyware. With these vehicles as their fundamental means of transport, the thieves keep tweaking the technology and adding upgrades that make them smoother and faster.

Their New tactics:
Phishing is a well-worn scheme that sends spam purporting to come from legitimate financial institutions and requesting a consumers account information to address a problem or update records. Its a wide net that would-be thieves cast in hopes of luring a few consumers to give up their bank or credit card account numbers.

A more advanced version of phishing is called pharming. A consumer types in the Web address, or URL, of his or her bank or another company that looks like a legitimate site but isn’t. Identity thieves can poison that address by routing it to a fake page, so instead of, a customer lands on,

Behind the scenes, a malicious program on a computer or a network server alters the addresses that consumers provide for a real Web site, telling the computer to go to another site, unbeknownst to the user. The illegitimate site can have the right URL as the real company page, but it puts the consumer in the wrong place.

Sometimes, consumers will start on a companys real site, then end up linking from that site to a fake page where they plug in their information, Thomas said. A recent phishing attack on the popular Internet auction house eBay sent users to a fake site when they clicked to participate in a particular auction

With phishing, identity thieves have become psychologically as well as technologically savvy. Security experts call it social engineering. In dealing directly with people and not with networks or corporations, attackers prey on human emotions the e-mail recipients hope of winning a lottery, concern about an international tragedy or fear that something is wrong with a bank account.

Traditional phishing remains much more prevalent, representing as much as 98 percent of instances, mostly because it is easier to execute and unfortunately works.

The bad guys find vulnerabilitie and they exploit them.

Spyware, also called malware or crimeware, is a malicious application created for the purpose of spying on the user and everything he or she does on the computer. Consumers inadvertently bring these bad wares into their systems when they respond to spam, surf the Internet and call up Web pages or download otherwise innocuous files.

With drive-by downloads, a consumer need only to stumble across a Web page for a mere second to open a door to the program.

The spyware lodges on a computers hard drive without the user realizing. From there, it not only can watch consumers activities online sending the information back to the creator of the spyware but also can manipulate where they try to go.

Its an invisible connection.You dont see it.

Spyware grows more and more sinister. Sometimes it acts as a keystroke logger, which hooks to a keyboard and records each key as a consumer types his or her name, address, phone number, passwords, Social Security number, and credit card and bank account information to buy something, bank online or file taxes.

Another spyware similar to key-logging is screen capturing. It views the various Web pages that users visit and watches everything they do . A consumer who spends time on retail sites looking for a digital camera might receive an e-mail advertisement the next day for a special deal or sale, offering a link to a bogus site, Microsofts Thomas said.

Spyware also can act as a password stealer. It waits for consumers to visit the Web page of a major bank or popular online retailer and places a transparent box over it, where it records the names and passwords used to log in to that site.

Your new weapons:

Security systems
In the fight against identity theft, nothing takes the place of a consumers need to turn on all computer security systems and keep them up to date. A good firewall, anti-virus software and anti-spyware protection will take care of most threats.

Newer technology developed to combat phishing will follow a consumer to a site and look for suspicious activity or behaviors, sending information back to the security system. The updated measures no longer rely solely on blacklists of bad site addresses or broad definitions to identify threats, but instead keep changing in response to attackers new activities and watching for strange occurrences.

These are known as behavioral or heuristic technologies. Symantec and Microsoft are using them to detect fake Web sites. Consumers still have to be wary; they should never provide account information requested by an unsolicited e-mail or at an unfamiliar Internet site. These technologies address the hidden dangers that consumers cannot see.

Microsofts phishing filter throws up a red flag and tells the user,This is a known phishing site, Thomas said. It also sends a yellow warning if something seems wrong.

A free download from will provide an anti-phishing toolbar that looks at the source of a Web site, even a good imitation of a real page, and can give the user information about what the site actually is, where it comes from and how high the risk is.

Many consumers today know that they shouldn’t use names or familiar words as passwords, but instead use a nonsensical combination of letters, numbers and symbols. They also shouldn’t use the same password for every account or Web page login.

The resulting list of complicated passwords becomes very difficult to remember and keep organized. Some programs will provide secure storage systems that are encrypted and password-protected, leaving a consumer with just one password to remember to gain access to the rest.

Leave a Reply

Your email address will not be published. Required fields are marked *