Understanding Common Identity Theft Threats

We’ve all heard a lot about the dangers of identity theft. These days it’s not uncommon for home computer users to be hit by clever online scams that steal personal information — from social security numbers to financial account passwords — and exploit it for financial gain. In the wake of identity theft, most victims are left holding the bag with a bad credit report.

Before you can protect your family from online identity theft, you’ve got to be aware of the threats. Knowing how these thieves strike can help you stay alert so you can protect your private data and avoid being defrauded. Here are the top ways identity theft transpires via the Internet.

Spam  Unsolicited mass email — spam — has long been an annoyance, clogging in-boxes with hundreds of junk emails per week. But spam has recently become a security threat as well.

With the world’s recent wave of natural disasters, many home users have also been hit by spam asking for contributions to what turns out to be phony charities. These emails ask for personal information like an address, birth date, and credit card numbers — information which is then used to defraud you.

Phishing  Thieves try to contact you in a number of ways — using email, instant messaging or even pop-up ads. They try to get you to visit a web site that may look like a well-known company’s homepage, but in fact is a fake. You might be asked to correct an urgent problem with your account, or update your contact information. You might even be given a special offer to redeem. If you click on the link a phisher provides, you’ll end up at a spoof site that looks legitimate. Once you type in your information, the phisher uses the data to steal your information or money.

Pharming When you click a link in an unsolicited email, an Internet pop-up ad, or downloaded content from the Internet, (such as audio or video files, screensavers, or games), you may get an unwanted computer programming code (known as malicious code) placed on your computer. The next time you go to an online banking or similar site, you are invisibly redirected to a legitimate-looking spoof site and asked for your account information. Pharmers use this stolen private data the same way phishers do.

Spoof sites Identity thieves create web sites that closely — or exactly — mimic legitimate sites of trusted companies. If you respond to a phishing email or if you are caught in a pharming scam, then you will be tricked into going to a spoof site. Spoof sites are often created for banks and credit unions, e-commerce sites, and popular services such as the web auction site eBay or the online payment service PayPal. Many spoof sites will even have a legitimate-appearing web address that begins with the address of the legitimate site it is spoofing. In this case, the address will also include a long string of characters after it, such as: www.yourbank.com/asp/123456/accounts.

Viruses  A computer virus is a program that alters software on your computer without your permission or knowledge. A virus runs without prompting and infects programs such as word processing software and, as a result, can destroy your data. Like their namesake suggests, viruses are designed to spread. Often a virus will access your email address book and mail itself to everyone you know or will plant itself in attachments you email. Identity thieves use computer viruses, for example, to spread malicious code that can record your keystrokes — a practice known as keylogging — to steal your private information.

Worms  A computer worm is a program that enters the computer and spreads in the same way a virus does. But unlike a virus, which attaches itself to another program, a worm is self-contained and can spread on its own. Worms may infest your computer to steal identity information through keylogging or other means.

Spyware and adware  Via viruses or worms, spyware is a program that can be secretly installed on your computer to capture your personal information such as passwords, account names and numbers, or other personal identifiers. This data, along with other content stored on your computer and Internet usage habits, is then relayed to a third party for malicious purposes. Spyware can also help criminals hijack your computer to, for example, send spam from your machine without your knowledge. Adware, on the other hand, may capture and invisibly report user preferences for statistical marketing purposes.

Trojan horse Unlike viruses, Trojan horses do not replicate themselves. A Trojan horse can come to your attention through an email or web site and will disguise itself as a useful program that you have to download or open. Once it’s in, a Trojan horse can destroy your hard drive, steal identity information, cause your web browser to redirect to spoof sites, or even hijack the computer’s processing power and use it to spread spam or viruses.

Bots  Short for robot, a bot is a program that can access computers connected to the Internet. Even though search engines use legitimate bots to crawl through web sites and index their content, there are also malicious bots that sneak on to computers through phishing or viruses, for example, and use keylogging to gather personal information. Even worse, one bot can be part of a network of bots that are involved in Internet schemes and crimes unbeknownst to you.