Pretexting - Identity Theft with Personality
No doubt, by now, you've been warned about "phishing". Phishing attempts to steal personal information via faked websites or bogus "official" communications, designed to lure the user into providing information via web forms. There are numerous tools now ready to help protect users against phishing, which is a fairly "passive" form of communal engineering. The modern scandal at Hewlett Packard brought a more sophisticated form of identity theft via communal engineering to the communal consciousness: pretexting.
Pretexting - Identity Theft with Personality
According to the Federal Trade Commission, pretexting is the institution of getting your personal information under false pretenses. Pretexters sell your information to habitancy who may use it to get reputation in your name, steal your assets, or to explore or sue you. That information may consist of your communal safety estimate (Ssn), telephone records and your bank and reputation card catalogue numbers.
Pretexters use a variety of tactics to get your personal information. For example, a pretexter may call, claim he's from a inspect firm, and ask you a few questions. When the pretexter has the information he wants, he uses it to call your financial institution.
He pretends to be you or person with authorized way to your account. He might claim that he's forgotten his checkbook and needs information about his account.
In this fashion, the pretexter may be able to acquire personal information about you such as your Ssn, bank and reputation card catalogue numbers, information in your reputation report. Pretexting is the key to identity theft, which most generally results in reputation card fraud, bank fraud, loan fraud and communications fraud (opening a phone catalogue fraudulently).
However pretexting is also alive and well in the secret gumshoe community: investigators ostensibly working quietly but aboveboard for legitimate clients. There is a prosperous network of creative con artists who acquire phone records and other secret data. Some of their clients are major banks and guarnatee companies. Pretexting has often been the corporate investigative tool of choice.
The most notorious example of this institution advent to light recently has been the drama played out at Hewlett Packard, where the board chairwoman and other Hp luminaries hired an investigative division to track the source of leaks advent from board meetings. The investigators, in turn, engaged in pretexting to attempt to gain phone records on a suspected board member and on the journalist(s) who were writing stories based on the links.
Computer hackers call the use of an assumed identity "social engineering." That's an endearing title for theft, but the fact is that this type of behavior has been in the news for some time preceding the Hp fiasco. Presidential candidate Wesley Clark had his cell phone records purchased by a blogger, who turned them into a major political story. The Hp story has resulted in an investigation by the California Attorney General's office, which says that it currently has six "major" pretexting cases under investigation, all of them corporate in nature.
Hp's filing with the safety and transfer Commission about this matter states in part that, "The (Hp board) Committee was then advised by ... Exterior counsel that the use of pretexting at the time of the investigation was not generally unlawful (except with respect to financial institutions)..."
The Federal Trade Commission's web site section on this issue reads as follows: "Pretexting is the institution of getting your personal information under false pretenses. Pretexters sell your information to habitancy who may use it to get reputation in your name, steal your assets, or to explore or sue you. Pretexting is against the law."
Hp's investigators are currently under indictment. It will be thoughprovoking to see what comes of the board members and lawyers who found their methods "not generally unlawful."
share the Facebook Twitter Like Tweet. Can you share Pretexting - Identity Theft with Personality.
No comments:
Post a Comment