IDENTITY THEFT

An Identity Theft attack is the attack intending to steal from you the most confidential and sensitive information: your personal data, social security number, your ID data or usernames & passwords, by pretending to come from a reputable, trustworthy entity – like your bank or authorities asking you to enter and validate their records about you.

Attack Vectors

Normally the Identity Theft attack is very similar to any phishing attack that comes in two phases: the e-mail containing malicious URLs and the fake website. The consequences are more severe, this is why we treat it apart in our training program. The e-mail contains the social engineering component and its objective is to trick you into believing that it is a legitimate communication from the officialities or bank and to make you enter the fake website and give away your personal data. The e-mail may have various formats and come from different entities, we present you here a few examples:
Messages coming from law enforcement claiming that you have been fined for speeding or any other offense and asking you to enter their online platform to acknowledge it and indicate how you will pay it, or even asking you to pay online at 50% of the amount.
Messages coming from Social Security or department of immigration asking you to confirm your citizenship status and details.
Messages pretending to come from health authorities or private insurance asking you to confirm your details of citizenship and help in order to benefit from the insurance – some gratuities are also offered as special incentive.
Messages that pretend to come from Department of Labor or similar ministry, as well as from Pensions Funds asking you to confirm your labor status and contributions.
Messages coming from your bank asking you to validate your credentials and personal data. Or to change your credentials, asking you to validate the data and select a new password with an increased complexity.
Messages coming from your bank warning you about unauthorized transaction from your account that have triggered the account blocking procedure. To unlock it you must enter the fake website, put your username & password and they are asking you also some classic security questions about some very personal information.
Messages coming from a Court of Justice pretending that you have been sued by your neighbor and asking you to enter a platform and confirm your ID in order to see the claim.
The website component is simply imitating the legitimate pages of the entities, mimicking their legitimate authentication and usage processes, and place them under domain names very close to the originals or camouflaged in complex URL constructions that give the unaware user without any clue where it is hosted or whether is the original or fake website.

Prevention Tips and Advice

Although the sophistication of the attacks is considerable, there are several simple tips that you may consider in order to avoid the Identity Theft attacks:

Treat cautiously any unsolicited message and, as a rule of thumb, don’t click on URLs contained in their body unless you are 100% certain they come from whom they say. Please try to look into the message headers (here you can find how to do it in Outlook) because 99.95% of the ID Theft messages are coming from spoofed addresses that are easy to spot in the headers: for example they appear to come from John Smith from yourbank.com in the To field, but in the header you see that the sender is something like q23243sweybyf@123tyourbank.com (or from some other domain name).
If you receive unsolicited messages pretending to come from authorities, please try to access the respective website only by MANUALLY TYPING their address in the browser. Check the https icon in the left upper side of the browser and the domain name that is displayed after clicking on several buttons (in order to prevent browser hijacking techniques).
Please use an antimalware solution that contains web and content filtering modules, because these controls are very effective against fake websites, blocking your access to dangerous pages, pre-validating their content and also warning you about suspicious aspects. Also, a good antispam solution will filter more than 90% of the ID Theft messages.
When you receive messages containing URL-s you can always check the URL structure and real Internet address at mouse over (when you pass with the mouse over it). Be careful as the attackers are using very similar names or trick you by using numbers (ex: Cit1Bank, or Micros0ft, or Gogle/Gooogle, or Aple, or 1NG Bank). Also, be careful at URL structure – for example while https://authentication.mybank.com is a subdomain of MyBank, a construction like https://authenticationservice.com/MyBank/ is a subdomain of authenticationservice.com.
If the message is pretending to come from authorities, please consider that no authority is requesting your Social Security Number or other ID in pages referred by URLs in messages; instead they are asking you to enter normally into your accounts and perform the actions there as indicated. And in doubt, better call or visit their closest office.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.