The 4 Ways You'll Get Hacked
Getty Images
Amid all the news that hackers gave gotten their hands on millions of
credit card numbers and contact information from at least five retailers
– including Neiman Marcus – many of you might be wondering what those
thieves could really net from just an email address, home address, phone
number or a credit card number. The answer depends on you, and what
kind of "ish" you could get sucked in by.
On the one hand, you're technically right – once a credit card is
canceled and without your Social Security number, there's not much left
for an identity thief to directly profit off of. But with a little extra
work and some programming ingenuity, identity thieves can use this
information to engage in what I like to call the pantheon of "ishing" –
phishing, spear-phishing, vishing and smishing – and still turn a tidy
profit off of their crimes with your inadvertent help.
So what are these four big Ishes? Let's go through them, shall we?
| Phishing |
If you have an email account, you're probably already familiar with
phishing, which is when you (and thousands of other people) get an email
claiming to be "your" financial company, email provider or best friend
(among other identities) in an effort to get you to give them sensitive
financial information or personal information (like your Social Security
number), or even to click on a link that will collect that information
or install a virus or malware onto your computer.
What you might not know is that phishermen's trawling tactics are
increasingly sophisticated and their emails look more and more like
they've come from reputable sources, which is why you have to retrain
yourself not to click, no matter how initially important or
worrisome the email might be. If you think you do need to be in touch
with your financial institution, email provider or best buddy, type that
email address directly in a new window, or web address in a new
browser.
If you think you do need to be in touch with your financial institution
or email provider, go directly to the institution's actual website
("Google" it if you need to) and find their contact information there.
Alternatively you could call the number on the back of your card or on a
recent bill.
Spear-Phishing
Spear-phishing is, as it sounds, just a more targeted form of phishing:
hackers will go through lists of contact data looking for people that
seem either more vulnerable to phishing tactics or more important – like
people who work at financial services companies – and send them
tailored emails that appear to come from specific, important people they
know. They're often asked to click on links or download seemingly
innocuous files and – bam – the hackers are in.
| Vishing |
Vishing is how hackers take advantage of phone number databases – like
the ones accessed in the SnapChat hack. They'll call you and claim to be
from your bank (they just need your account number and routing
information), the IRS (just confirm your Social Security number) or even
Microsoft (just let them log into your PC remotely) to try to gain
access to your personal or financial information or even install malware
on your devices.
Smishing
Perhaps the newest identity theft technique is smishing – and, no, this isn't what Snooki and the gang were talking about
on "Jersey Shore." Instead, hackers use cellphone numbers they've
obtained – through everything from the SnapChat hack to the Target hack –
to text people unawares. They can disguise their numbers, pretend to be
companies with which you are affiliated or simply encourage you to open
a link that can install malware or viruses on your smartphone.
But all these techniques require one thing: that consumers fall for it!
They require you to let your guard down, assume your spam filter will
catch it, be distracted when so-and-so from "your bank" calls worried
about your account security, or wondering who would text you a link to
something and what it could all mean. They require you to think that
Target's offer of free credit monitoring is all you need to protect
yourself, that a hacker having your email address isn't a big deal, and
that once your credit card is replaced, you need not closely monitor
your accounts after that.
The truth is that all of us – regardless of whether we think we've been
caught up in a data breach – need to be vigilant when it comes our
information. Check your accounts regularly. Check your credit reports
for free once a year with each of the major credit bureaus. Ensure the
reports are accurate and that you recognize all the accounts. If you
even suspect they have mistakes, reach out to the bureaus (Experian,
Equifax and TransUnion). To monitor your credit more regularly, you can
use a free tool like Credit.com's Credit Report Card for a breakdown,
updated monthly, of the information in your credit report along with
free credit scores. If you see your score drop for no reason, you know
something could be up.
The hackers want you to let your own issues overcome your healthy
skepticism when it's time for their "ish." Don't grant their wish.
Adam Levin is chairman and cofounder of Credit.com and Identity Theft 911.
His experience as former director of the New Jersey Division of
Consumer Affairs gives him unique insight into consumer privacy,
legislation and financial advocacy. He is a nationally recognized expert
on identity theft and credit.
No comments:
Post a Comment