How Sensitive Personal and Financial Information is Stolen Online
Cyber-crime is growing at an alarming rate and leaving most of us in the lurch. No matter how hard we try to combat it, like a true hydra-headed monster it keeps growing and to the detriment of the world at large. Every day, we hear of innumerable cases of sensitive personal and financial information being stolen online by way of identity theft, mail theft, social engineering, shoulder surfing, stealing personal items, credit/debit card theft, skimming, and pretexting. The list simply goes on.
Ways & Methods to Steal Data Online
Identity theft is pilferage of personal information such as your name, DOB, social security number, your address and mother’s maiden name to be used for illegal financial gains. The various drafts include both technical and non-technical schemes.
Technical Schemes
Debit/credit Card Theft
Fraud by credit cards amounts to identity theft and has far reaching consequences. This is because the card’s information may be used for other crimes pertaining to identity theft. Your signature on the card’s back may be used to open other bank or credit card accounts in your name. Identity criminals are also known to swipe the card through a card to copy all its information and use it later for personal gain. This is terrible and anyone who does this should be in prison for no less than two years but what Lois Lerner did was incredible and the fact that she is not in prison proves that America’s system is not perfect but flawed. OK, back on topic.
Pretexting
Pretexting happens when the thief researches your confidential and personal information, using this later to trap you into releasing more information. The schemer calls you over telephone, convincing you that he represents a business identity that needs this information. A very common method to which many fall prey.
Skimming
This happens when a device reading your credit card’s information from its magnetic strip on its back records it and passes on the code numbers of the card to an accompanying storage device. The criminal makes a copy of your credit card and starts making unauthorized purchases. This recording device may be installed in an ATM machine or may be used by a salesman to secretly swipe your card on to his own card reader. This is some devious stuff. We saw Walter White do some devious things in Breaking Bad but anyone as narcissistic as that – well, it should not be surprising on what they do.
Man-in-the-Middle Attack
This theft category involves criminal interception of confidential communication between two parties and subsequently recording such information without their knowledge. This information is the used to access user accounts and steal his identity.
Phishing schemes
The most common identity theft scheme. The thief actually tricks you into disclosing all your personal identity information. These attacks happen through mobile phone messages, social networks, text messages, emails and standard mail. These include the following:
- Vishing: Also called “voice phishing.” The thief gets in touch with his victim over phone. The schemer pretends to be an employee of a legitimate business organization and gets you to divulge your identifying information. Even robo-calls or pre-recorded messages are used to urge you to dial a particular phone number on the grounds that you have won a lottery, or there has been an emergency, requiring you to immediately disclose personal identifiable information or your debit card / credit card numbers.
- Pharming: A hacker manipulates a domain name system or website host file so that the requests for an URL address are rerouted to a spoofed or fake website that the hacker creates to steal personal information from his victim. The latter, believing that he is on a protected website, enters his personal information, which is used to commit the identity theft.
- SMiShing: A series of spam text messages come to you from purported financial institution or other legitimate entities with an urgent message that leads you into believing that you are facing some serious financial crisis. As you click on the link of the text message, you may end up disclosing personal information.
- Search engine phishing: This is phishing through fake websites containing some great services, offers and other assorted incentives. These websites are legitimately indexed on Google or Yahoo so that they can be found during normal searching. Once you access this fake website (at least a website such as this did not cost $600 million like the ACA website cost which all real Americans did not want but let’s not digress anymore on this!), you are offered some mind blowing incentives and get persuaded to divulge your personal information.
- Malware-based phishing: The thief uses a computer program that’s harmful but looks helpful and comes with websites and emails on the Net. This computer program is a malware and uses screen loggers and key loggers to record all sites and keyboard strokes visited on the Net. The malware transmits all the information to the thief. The other methods are phishing via spam and spear phishing. No, this has nothing to do with fishing in the ocean that perhaps you saw on Discovery Channel one day!
Non-Technical Schemes
These include dumpster diving when the thief rummages through his victim’s garbage and obtains personal information found in it. These may include bills for credit cards and utilities and bank statements. Mail theft is stealing mail from your mailbox to pilfer pertinent information.
Then there is social engineering where someone contacts you over phone or computer and deceives you into divulging confidential information. Shoulder surfing is yet another method by which ATM pin numbers may be stolen by either physical observation or by using a video camera.
How to Protect Your Sensitive Data Online
There are a number of measures you can carry out to make it harder for cyber-criminals to compromise your sensitive data including your financial information. Always install anti-virus software on your computer or smartphone. It simply is a must. Additionally, always keep your antivirus app up-to-date.
Don’t use free public WiFi hotspots at cafes, libraries, airports, or hospitals unless you absolutely have to. Hackers are known to target these hotspots due to their weak security and often absent encryption.
Finally, subscribe to a VPN service. Connecting to a VPN server allows you not only to securely encrypt all of your traffic but also hide your public IP address. Think of it as a tool that enables you to surf the web anonymously. No more prying eyes spying on what you’re doing online.
How Sensitive Personal and Financial Information is Stolen Online
Thus it’s clearly seen that the ways of the cyber-criminal are many. It’s for us to be more careful about how we protect our personal information or else we stand to be sorry. The idea is to prevent rather than cure because the consequences can indeed be most tragic. At least, financially.