Avoid Becoming a Victim of Identity Theft With This Simple Rule
One of the most important factors in carrying out identity theft is obtaining all the necessary details in a “data record”. Data records are stolen by cybercriminals through means such as Phishing attacks, and then traded in underground communities known as the “Dark Web”. The type of information a criminal obtains determines if and how much money can be stolen from victims.
The “Cashout Method”
For example, suppose a cybercriminal obtains a victim’s bank account credentials. The method used for stealing the victim’s cash using those credentials (or “Cashout Method” in fraud terminology), is to log into the victim’s account and order a money transfer to a fraudulent account, otherwise known as a “mule account”. Without all the necessary data fields, a fraudulent purchase cannot be completed.
Alternatively, suppose a cybercriminal obtains a victim’s credit card records. The cashout method would then normally involve using those details to make purchases from an online store or brick-and-mortar shop. The type of credit card records obtained, and amount of data present, will have been determined by the method in which it was stolen.
Where data leaks fall short
In the case of data exposed via a leak, the records available do not provide enough information for criminals to carry out a cash theft. The “issue” with data leaks is that many records only include names, addresses and social security numbers. They do not include the necessary date of birth and mother’s maiden name used by customer service representatives to authenticate callers.
In such cases, scammers will then use a variety of methods to uncover the missing information. One of the more popular methods is simply calling the victim. Scammers will often claim to represent one of the victim’s service providers, such as their bank. The scammer will then provide information they already have on the victim, such as their name, address and social security number, to establish the victim’s trust. The scammer will then claim there is an issue that can only be fixed if the victim provides their missing details. This method of extracting information is quite popular because unfortunately, it often works.
“What organization did you say you were from”?
Calling victims is not only used by scammers to obtain missing information. We’ve seen cases where scammers have called victims, identified themselves as members of technology companies, and then tried to convince their victims to install malware. Whatever the reason for calling the victim, the technique is always the same – using existing personal information to establish trust, then exploiting the victim’s trust to achieve the scammer’s goal.
The golden safety rule
There is a way to stay protected however. It involves implementing one simple rule – be cautious when divulging personal details to callers.
If a service provider calls and asks you to authenticate your identity by divulging personal information, for whatever reason, be cautious! The best way to filter out scammers is to graciously end the conversation and call the organization directly instead. If the service provider that called you volunteers to provide you with the phone number of the organization, do not call that number. It may be fake. Instead, access the service provider’s official website and retrieve the phone number from there. If the service provider calling claims to be a technician of a company and requests to lead you through various steps – be very skeptical.
Play it smart
In some cases where scammers are involved, you may not find the organization’s phone number easily. That’s because some technology companies don’t really call people, despite what the scammer may have claimed. If you can’t find a phone number for the service the caller claimed to call from, assume they were a scammer. Organizations that deal with consumers have their phone numbers readily available on site.
In most cases of identity theft, avoiding becoming a victim takes only a small step. Scammers pray on those who are less security wary, and do not take the proper precautions. Make sure to educate yourself. With just a few simple steps, you can avoid many hours, and dollars, of fraud induced heartache.