Current Status

This blog is not frequently updated because most case-by-case scam reports are now listed in subordinate blogs. At this point in time, most of my efforts are targeted at documenting employment scams in the Suckers Wanted blog.

2005-07-13

Info: New Phishing Threat

I'd like to provide you with an executive summary of a new phishing threat that has been put forth in an article fom SearchSecurity.com. Earlier this year, a database of customer information at a payment processing facility was compromised. This is bad news, in and of itself, since it means that the culprits have obtained credit card numbers and the address information of the holders. But although the culprits have, no doubt, used the information to their own benefit in a direct manner, they are also phishing for further data. The author of the linked article puzzles as to what kind of information they could want, given that so much information was already compromised in the original breach. His hypothesis: they want Social Security Numbers, since this is the missing piece of the puzzle, and would enable outright identity theft.

In practice, the phishing threat discussed here will come in the form of an email message from your bank, containing a warning about your credit card, and will include a persuasive amount of detail, including your credit card number! This is because these details have already fallen into the hands of the enemy. The message will then, in the usual manner, coax you to follow a link to their website, where you can allegedly "reactivate" your account. This is where they will ask you to provide your SSN as a "security measure". If you divulge this information, you not only demonstrate that your other details are true and correct, but you provide them with enough information to obtain credit in your name, thus landing you in bad credit hell.

If you receive such an email, I recommend that you notify your financial institution immediately, using a medium other than the Internet to do so.

No comments: