Learning the language of identity theft can be a difficult prospect. We’ve talked about phishing, smishing, and vishing, and even oversharing, in the past. We’ve examined how identity protection programs like Identity Guard can put you in an offensive position against most of these threats. Today, however, we’re going to be talking about what is known as “spoofing.” Sounds funny and relatively harmless, right? Spoofing is the alteration of an e-mail header so that it appears to have been sent from someone other than the person who sent the e-mail. Now there are legal forms of spoofing, such as disguising your identity for fear of retaliation. Spoofing anyone other than yourself, however, is quite illegal… and an easy way for identity thieves to fool you into thinking that you’ve got to do something that you don’t really need to do.
How is spoofing even possible? Because SMTP, or Simple Mail Transfer Protocol, doesn’t actually include any authentication mechanism. Although a security level can be negotiated by someone who is utilizing SMTP, this is often not done. When there is no security level in place, anyone with a computer, access to the internet, and just a little bit of knowledge can log into the e-mail server itself and send messages out as anyone, on behalf of any corporation.
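As an added example, not part of the original article: since SMTP lets the sender write any From header, one defensive check is to compare that header with the message's other headers. The sample messages, domains and the `trusted_authserv` parameter are constructed assumptions, and the Authentication-Results check goes beyond what the article itself covers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: visible From claims a bank, other headers point elsewhere.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dmarc=fail header.from=examplebank.test
From: "Example Bank Support" <support@examplebank.test>
Reply-To: accounts@collector.example.net
To: user@example.org
Subject: Action required before your account is closed

Please confirm your details.
"""

# Constructed sample: headers agree with each other.
CLEAN = """\
Return-Path: <bounce@mail.examplebank.test>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mail.examplebank.test; dmarc=pass header.from=examplebank.test
From: "Example Bank Support" <support@examplebank.test>
To: user@example.org
Subject: Your monthly statement

Statement attached.
"""

def domain_of(value):
    """Lowercased domain of the first address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def related(a, b):
    """Same domain, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spoofing_indicators(raw, trusted_authserv="mx.example.org"):
    """Return header inconsistencies; indicators to review, not a verdict."""
    msg = message_from_string(raw)
    sender = domain_of(msg["From"])
    if not sender:
        return ["from-missing"]
    found = []
    for header, tag in (("Return-Path", "return-path-mismatch"), ("Reply-To", "reply-to-mismatch")):
        other = domain_of(msg[header])
        if other and not related(sender, other):
            found.append(tag)
    # Only count results stamped by our own receiving server (assumed name);
    # a sender can forge this header like any other.
    for ar in msg.get_all("Authentication-Results", []):
        if ar.split(";")[0].strip().lower() != trusted_authserv:
            continue
        found += [f"{m[1]}-fail" for m in re.finditer(r"\b(spf|dkim|dmarc)=fail\b", ar.lower())]
    return found
```

Legitimate bulk mail often uses a different Return-Path domain, so treat these findings as reasons to look closer rather than proof of spoofing.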
For the most part, we can recognize these ridiculous e-mails and simply delete them without falling victim to them. It’s pretty easy to do when you get an e-mail supposedly from Bank of America saying that you need to take action before your account is closed even though you’ve never done business with Bank of America. On the other hand, an e-mail that appears to be from someone like your supervisor or even your spouse, asking for sensitive data to be sent for a legitimate-sounding reason, can fool a lot of people.
E-mail spoofing is nothing new – identity thieves figured out this process back when e-mails first started getting sent around the internet, so it’s a problem more than two decades old… but that’s the issue – it’s still a problem today despite education and self-awareness programs. So what can you do to make sure that you don’t fall victim to a spoofing scam?
If you do get an e-mail that seems suspicious, contact your financial institution in person.
Forward the e-mail to your financial institution’s customer service and ask for an explanation.
Remember to never share sensitive information unless you can verify the website, you notice it is secure, and you’ve visited that exact login location before.
Contact others immediately if you feel that you may have been fooled by an exceptional spoofer.
When in doubt, just delete the e-mail and move on.
Criminals have been using phishing scams for years to try and steal sensitive information for the purpose of identity theft. Phishing is the act of gaining access to sensitive information like usernames, credit card details and passwords by posing as a trusted online company or business. These criminals don’t hack into your computer to steal your information. They ask you for it right out in the open… and you give it to them.
Although many people have no clue about phishing, this scam is not a new one. In fact, it has been around since 1995, back when AOL was the source of everything internet. The scammers, or phishers, would send messages posing as AOL employees. These so-called “employees” asked the company’s users to confirm their billing information and verify their accounts with them. The term phishing was then coined in 1996, after many people had fallen for the fake emails.
Since then, phishing has changed a lot and become more sophisticated. One thing about it has not changed, however: phishers still use the same concept of deceiving people into handing over their sensitive information. One good piece of news is that fewer people fall for scams such as this one. Based on Verizon’s 2015 report on Data Breach Investigations, only 23% of individuals open phishing emails and 11% click on the attachments. Even so, it is unfortunately very easy, simple and fast to hand over this information. There has also been a report stating that 67% of data breaches started out from phishing emails.
Through the years, the methods that these scammers use have improved, allowing them to send emails to many people all at the same time. Because it has become easier to acquire this information, one of the things you need to do to protect yourself is to be aware of the methods the criminals employ. Here are some of the things that phishers use to attract their victims:
Lots of people receive emails with offers that seem too good to be true, like gift certificates, great discounts and giveaways. These are just some of the deals phishers use to lure their victims. Once you have clicked the link sent to you, you are asked to fill out a form with personal information and even credit card numbers. Trust your instinct: if you think these great offers seem a little fishy, put your credit card away and report the phishing incident to US-CERT.
The best targets for phishers are the individuals most likely to click on the link that has been sent to them. People looking for a job are a great target for phishing scams. They are extremely likely to open an email from a (fake) prospective employer. Therefore, they need to be aware that scammers nowadays also make use of company logos, as well as language that makes them seem professional. In most cases, the link leads to a form requiring personal information to be entered, and then the job seekers are told to wait for an interview. While most job applications will require some personal information, you should be wary of those requesting SSNs upfront. Most legitimate employers will not ask you for this information unless they have decided to employ you.
Banks will never ask you for credentials online, especially through email. Therefore, if you receive a legitimate-looking email from what appears to be your bank asking you for usernames, passwords, etc., delete the email and report it right away. Contact your bank and let them know that you received a phishing attempt using their name.
Keeping a watchful eye is one way of protecting yourself from phishing scams. Therefore, if an email is suspicious, never click any link. Moreover, using unique passwords would make a difference.
I always recommend everyone sign up for a credit monitoring plan that will alert you if you happen to be the victim of a phishing scam. It’s a cheap way to keep