BreachExchange mailing list archives

The 4 Ways You’ll Get Hacked


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 16 Jan 2014 18:05:44 -0700

http://finance.yahoo.com/news/4-ways-ll-hacked-113005938.html

Amid all the news that hackers have gotten their hands on millions of
credit card numbers and contact information from at least five retailers –
including Target and Neiman Marcus – many of you might be wondering what
those thieves could really net from just an email address, home address,
phone number or a credit card number. The answer depends on you, and what
kind of “ish” you could get sucked in by.

On the one hand, you’re technically right – once a credit card is canceled
and without your Social Security number, there’s not much left for an
identity thief to directly profit off of. But with a little extra work and
some programming ingenuity, identity thieves can use this information to
engage in what I like to call the pantheon of “ishing” – phishing,
spear-phishing, vishing and smishing – and still turn a tidy profit off of
their crimes with your inadvertent help.

So what are these four big Ishes? Let’s go through them, shall we?

1. Phishing

If you have an email account, you’re probably already familiar with
phishing, which is when you (and thousands of other people) get an email
claiming to be “your” financial company, email provider or best friend
(among other identities) in an effort to get you to give them sensitive
financial information or personal information (like your Social Security
number), or even to click on a link that will collect that information or
install a virus or malware onto your computer.

What you might not know is that phishermen’s trawling tactics are
increasingly sophisticated and their emails look more and more like they’ve
come from reputable sources, which is why you have to retrain yourself not
to click, no matter how initially important or worrisome the email might
be. If you think you do need to be in touch with your financial
institution, email provider or best buddy, type that email address directly
in a new window, or web address in a new browser.

2. Spear-Phishing

Spear-phishing is, as it sounds, just a more targeted form of phishing:
hackers will go through lists of contact data looking for people that seem
either more vulnerable to phishing tactics or more important – like people
who work at financial services companies – and send them tailored emails
that appear to come from specific, important people they know. They’re
often asked to click on links or download seemingly innocuous files and –
bam – the hackers are in.

3. Vishing

Vishing is how hackers take advantage of phone number databases – like the
ones accessed in the SnapChat hack. They’ll call you and claim to be from
your bank (they just need your account number and routing information), the
IRS (just confirm your Social Security number) or even Microsoft (just let
them log into your PC remotely) to try to gain access to your personal or
financial information or even install malware on your devices.

4. Smishing

Perhaps the newest identity theft technique is smishing – and, no, this
isn’t what Snooki and the gang were talking about on “Jersey Shore.”
Instead, hackers use cellphone numbers they’ve obtained – through
everything from the SnapChat hack to the Target hack – to text people
unawares. They can disguise their numbers, pretend to be companies with
which you are affiliated or simply encourage you to open a link that can
install malware or viruses on your smartphone.

But all these techniques require one thing: that consumers fall for it!
They require you to let your guard down, assume your spam filter will catch
it, be distracted when so-and-so from “your bank” calls worried about your
account security, or wonder who would text you a link to something and
what it could all mean. They require you to think that Target’s offer of
free credit monitoring is all you need to protect yourself, that a hacker
having your email address isn’t a big deal, and that once your credit card
is replaced, you need not closely monitor your accounts after that.

The truth is that all of us – regardless of whether we think we’ve been
caught up in a data breach – need to be vigilant when it comes to our
information. Check your accounts regularly. Check your credit reports for
free once a year with each of the major credit bureaus. Ensure the reports
are accurate and that you recognize all the accounts. If you even suspect
they have mistakes, reach out to the bureaus (Experian, Equifax and
TransUnion). To monitor your credit more regularly, you can use a free tool
like Credit.com’s Credit Report Card for a breakdown, updated monthly, of
the information in your credit report along with free credit scores. If you
see your score drop for no reason, you know something could be up.

The hackers want you to let your own issues overcome your healthy
skepticism when it’s time for their “ish.” Don’t grant their wish.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
