Identity theft occurs when malicious individuals utilize another’s personal information for fraudulent purposes. Such information includes social security numbers, credit card information, home address and birth date. Imposters can utilize this information to secure loans, open credit card accounts and/or transfer funds – all at the victim’s expense.
What to look out for:
Phishing: An electronic form of identify theft where a perpetrator impersonates a legitimate business through electronic communication such as e-mail. The communication typically requests that the intended victim log-in to their online account to update their profile. A link is provided, directing the victim where to go to perform the update. The link, however, redirects the victim towards a mock website of the legitimate business. When the victim tries to log-in, their username and password are actually sent to the perpetrator.
Example: As an investor Jane regularly logs-in to her financial institution’s website to check her portfolio and make routine transactions. One day she receives an e-mail from what appears to be her financial institution. The communication states that the institution is updating their terms of service and they require Jane to use her log-in credentials to access a special website where she can acknowledge these changes. Jane clicks on the provided link and enters her account information.
Jane just became a victim of identity theft. The e-mail was not from her financial institution, nor did the link connect her to the company’s official website. When she clicked the link, she was sent to a mock website designed to look legitimate. Any information she inputs on this website (password, account number, etc.) is being sent to the perpetrator, not her financial company. This information can now be used by the perpetrator to access Jane’s account, transfer funds and perform other fraudulent activities.
This can be avoided by NEVER accessing your online accounts through links provided via e-mail. Always visit the intended institution’s site through their main webpage. For instance, if you receive an e-mail from PayPal asking you to update your profile, do not click the provided link. Instead, go to PayPal’s known official website to log-in.
Also, check with your financial institution to see if they utilize any additional security checks. For example, some institutions now use personalized graphic images to help users recognize when they are on a legitimate website.
See Microsoft's "Recognizing phishing scams and fraudulent e-mails" for more information.
Keystroke Logging: A keystroke tracker is a diagnostic tool that captures all keystrokes typed on a computer. This tool is sometimes used by software engineers to analyze computer codes and search for errors. Employers sometimes utilize keystroke trackers to measure productivity and monitor the conduct of their employees. It can also be utilized by malicious individuals to capture personal information from unsuspecting computer users.
Keystroke logging, or keylogging, can be either software or hardware based. In some cases a small device that records keystrokes is attached between the keyboard and the computer. In other cases a software program runs in the background of a computer. Both methods record the keystrokes of a user and produce a report detailing every keystroke pressed during a specified timeframe. A quick analysis of the report can reveal personal information such as a social security number, credit card numbers and log-in credentials/passwords for financial websites.
Example: John is browsing the Internet looking to download the hottest new song. He finds the song on a questionable website – one that he has never heard of nor been to before. He decides to download the song anyway, trusting the website is legitimate. John is able to download the song, but hidden within the file is a keystroke tracker. The malicious program is quietly installed on John’s personal computer where it tracks his every keystroke. This information may be sent out immediately to a designated perpetrator for fraudulent use.
Avoid keyloggers by only downloading files from legitimate, reputable sites. Also, utilize security and other anti-virus software to search your computer for keyloggers and clean them from your system.
Furthermore, always know the computer you are using. If it is a public computer, there is a small but real chance someone might have a keylogger installed. For maximum safety, never access or enter personal information on a public computer.
Additional information to help protect yourself: