Phishing and Identity Theft
More than 10 million Americans are victims of identity theft a year. A recent survey estimates that the dollar value of the crime was $52.6 billion in 2004. Individuals and businesses alike are at risk. This week's articles can help you make your family and your business more secure against phishing and identity theft.
What does a phishing email look like?
The stories keep coming about the growing number of large-scale security breaches.
Identity theft has severe consequences to victims, their families, and employers.
Just a fisherman would use a spear to target a single fish, spear phishing targets individuals.
The IRS urges consumers to avoid falling for these recent schemes.
This report is intended for technically sophisticated readers such as security practitioners, executives, researchers, and others who wish to understand methods employed by online identity thieves and countermeasures that can prevent such crimes.
As always, we look forward to hearing your comments & insights regarding business continuity.
If you have a topic you'd like us to cover, email me at
Bob Mellinger, President
1. How to recognize phishing e-mails or links
Phishing e-mail messages are designed to steal your identity. Phishing links that you are urged to click in e-mail messages, on Web sites, or even in instant messages may contain all or part of a real company's name and are usually masked, meaning that the link you see does not take you to that address but somewhere different, usually an illegitimate Web site.
2. Another Phine Kettle of Phish: Identity Theft Prevention
Every day millions of Americans fall victim to identity crimes. In fact, one out of every 23 adults will become a victim of identity fraud each year. Here are some things you can do today and by next week to protect yourself.
3. Identity theft: The business time bomb
An alarming figure is that over half of the 10 million new IDTs each year originate from a place of business, employer, or other entity (not-for-profit or local, state, or federal government). All entities and certain individuals are required under one or more federal and state laws to implement measures, policies, procedures, and employee training on privacy and security of nonpublic personal information to bring IDT under control. Violations of these laws carry substantial penalties and open entities to legal risks.
4. The New Threat: Spear Phishing
Most people have heard about phishing - the practice of using fraudulent emails to gain access to personal information for the purpose of identity theft. But like any activity, an occasional update in the process is needed. Spear phishing is the new black in identity theft.
5. IRS Alerts Public to New Identity Theft Scams
The Internal Revenue Service reminds consumers to avoid identity theft scams that use the IRS name, logo or Web site in an attempt to convince taxpayers that the scam is a genuine communication from the IRS. Scammers may use other federal agency names, such as the U.S. Department of the Treasury.
6. Online Identity Theft: Phishing Technology, Chokepoints and Countermeasure
Given both the current sophistication and rapid evolution of phishing attacks, a comprehensive catalogue of technologies employed by phishers is not feasible. Several types of attacks are discussed below. The distinctions between attack types are porous, as many phishing attacks are hybrid attacks employing multiple technologies.
Quote of the Week:
"The United States today experiences much higher levels of identity theft, spam and government profiling than Europe because we have failed to establish necessary legal safeguards."
-- Mark Rotenberg