An Identity Theft attack aims to steal your most confidential and sensitive information: your personal data, social security number, ID data or usernames & passwords. The attacker pretends to be a reputable, trustworthy entity, such as your bank or the authorities, asking you to enter and validate their records about you.
Normally the Identity Theft attack is very similar to any phishing attack and comes in two phases: the e-mail containing malicious URLs and the fake website. The consequences are more severe, which is why we treat it separately in our training program. The e-mail carries the social engineering component: its objective is to trick you into believing that it is a legitimate communication from the authorities or your bank, and to make you visit the fake website and give away your personal data. The e-mail may take various formats and claim to come from different entities. Here are a few examples:
Messages claiming to come from law enforcement, stating that you have been fined for speeding or any other offense and asking you to enter their online platform to acknowledge it and indicate how you will pay it, or even asking you to pay online at 50% of the amount.
Messages claiming to come from Social Security or the department of immigration, asking you to confirm your citizenship status and details.
Messages pretending to come from health authorities or private insurance, asking you to confirm your details of citizenship and help in order to benefit from the insurance; some gratuities are also offered as a special incentive.
Messages that pretend to come from the Department of Labor or a similar ministry, as well as from Pension Funds, asking you to confirm your labor status and contributions.
Messages claiming to come from your bank, asking you to validate your credentials and personal data, or to change your credentials by validating the data and selecting a new password with increased complexity.
Messages claiming to come from your bank, warning you about unauthorized transactions from your account that have triggered the account blocking procedure. To unlock it you must enter the fake website and put in your username & password, and you are also asked some classic security questions about very personal information.
Messages claiming to come from a Court of Justice, stating that you have been sued by your neighbor and asking you to enter a platform and confirm your ID in order to see the claim.
The website component simply imitates the legitimate pages of these entities, mimicking their legitimate authentication and usage processes, and places them under domain names very close to the originals or camouflaged in complex URL constructions that leave the unaware user without any clue where the site is hosted or whether it is the original or a fake website.
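The check a mail filter or an attentive reader applies to such links can be written down. The following is an added example, not part of the original training material: it extracts the host a browser would really contact and reports when a trusted name only appears as decoration or as a near-miss spelling. The domain `mybank.example`, the sample URLs and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

LEGIT = {"mybank.example"}  # constructed placeholder for the organisation's real domain

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def inspect_url(url, legit=LEGIT):
    """Return (registered_domain, findings) for the host the browser will really contact."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Simplification: last two labels. Production code should use the Public Suffix List.
    reg = ".".join(host.split(".")[-2:])
    if reg in legit:
        return reg, ["legitimate"]
    findings = []
    for good in legit:
        # Trusted name placed before '@': it is only a username, not the host.
        if good in (parts.username or "").lower():
            findings.append("userinfo")
        # Trusted name used as leading labels of someone else's domain.
        if host.startswith(good + ".") or ("." + good + ".") in host:
            findings.append("subdomain")
        # Trusted name buried in the path or query string.
        if good in (parts.path + "?" + parts.query).lower():
            findings.append("path")
        # Registered domain differs from the trusted one by one or two characters.
        if 0 < edit_distance(reg, good) <= 2:
            findings.append("lookalike")
    return reg, findings

# Constructed sample links, one per disguise described above.
SAMPLES = [
    "https://www.mybank.example/login",
    "https://mybamk.example/login",
    "https://mybank.example.login.test/verify",
    "https://mybank.example@login.test/",
    "https://login.test/mybank.example/verify",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", inspect_url(u))
```

Only the first sample resolves to the trusted domain; every other link shows the trusted name somewhere in the address while the registered domain belongs to someone else.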