Online Identity Theft.

Online Identity Theft and Phishing, what's the connection?

First off, you have to understand Phishing is big business. A billion dollar business!

The most well known groups are the Nigerians, aka the 419 scammers, then there are the Koreans and the Romanians. These groups are the most "popular". Phishers are not restricted to these groups however. They come from all societies and all walks of life. If the payoff is there, an online identity thief will find it. A successful security breach can yield hundreds, thousands, hundreds of thousands, and even millions of potential victims.

Online Identity TheftOnline Identity Theft Scams are but a part of the overall picture. Here are a few other ways consumers have been victimized just over the last three years. The lost[?] after the institution's name is simply to emphasize our amazement at the seemingly cavalier way in which our personal information is being treated!

• CitiFinancial lost[?] a box of computer tapes with
  private account information including social security numbers while they were being transported from New Jersey to Texas by UPS. At Risk: 3.9 Million
  
  
• TimeWarner lost[?] while transporting, employees personal data, current and former, going back to 1986. The files also included some dependents and beneficiaries. At risk: 600,000
  
  
• Bank of America Corporation lost[?] by some undisclosed method, tapes containing personal information, including social security numbers and account information. Among the victims were Federal employees including some U.S. Senators. At risk: 1.2 Million
  
  
• Veteran Affairs Administration lost[?] names, addresses, dates of birth, social security numbers and much more of Veterans and Current Service members. Loss occurred when the home of an employee was burglarized and a laptop containing the personal information was taken. At risk: 27 Million

(This laptop was later recovered and the VA sent letters to everyone concerned saying "Not to worry"!) As I write this article, I'm worried. Very worried! What a way to thank someone for serving his/her country!

Some common types of Offline/Online Identity Fraud

• Fraudulent spam emails. Emails that promise huge prizes or bargains in return for personal and financial information. Ex. "You have already won a free iPod", just fill out the form to receive it"!
• “Skimming”. A dishonest business owner secretly copies the magnetic strip on the back of your credit or debit card in order to make a counterfeit card that can then be sold
• Fake electronic IRS form. Sent to gather personal information and financial data (Note: The IRS says that they never requests information by email.)
• Use a cell phone camera to photograph someone’s credit card or ATM card while he or she is using a machine or making a purchase in a business
• “Phishing”. Sending a legitimate-looking email that directs you to a phony website that is an exact copy of a real website. Here, they request your personal and financial data "to verify your account" before processing. If you are a Yahoo email user, you should be familiar with this. It became so prevalent that Yahoo instituted a "Seal" program in Sept. 2006, to help you distinguish the real Yahoo Mail Login from the fake.
• “Pharming”. A tactic where criminals “hijack” whole websites and harvest the personal and financial data of users who believe they’re communicating with the authentic establishment.

Let's take a quick look at "phishing, the billion dollar online identity theft industry." There are actually three types of Phishers.

First: The spammer. They use harvested email addresses to email the consumers with the Phishing emails. They hijack servers or server connections to send unbelievable quantities of emails. Blacklisting them doesn't’t even slow them down. They are not using their own servers, so they just move to another hijacked connection.

Second: The hacker. They, guess what? Find websites to hack! The hacker usually pay the spammer for their lists and to send their bulk emails. One popular tool in use is a "phishing kit in a box," usually a PHP script that is readily available on the internet. The inner workings of these kits, are beyond the scope of this article, however we will point out, they do work! Another less popular hacker tool is the trojan that lay dormant on the infected machine waiting for future retrieval by the "home" machine.

Third: The carder. The carder buys the validated personal information from the hacker. He/she then imprints this info on a credit card blank and takes the card to an ATM. Credit cards have two tracks in their magnetic strips. If a machine is not able to read the first track, they are in. Again, sorry for not explaining the importance of tracks. They are vital to understand if you are a phisher, however, to combat online identity theft as a consumer, not necessary at all.