Jo Anne Barnhart, Commissioner of Social Security, and Patrick O’Carroll, Jr., Inspector General of Social Security, issued a warning today about a new email scam that has surfaced recently.
The Agency has received several reports of an email message being circulated addressed to “Dear Social Security Number And Card owner” and purporting to be from the Social Security Administration. The message informs the reader “that someone illegally is using your Social Security number and assuming your identity” and directs the reader to a website designed to look like Social Security’s Internet website.
“I am outraged that someone would target an unsuspecting public in this manner,” said Commissioner Barnhart. “I have asked the Inspector General to use all the resources at his command to find and prosecute whoever is perpetrating this fraud.”
Once directed to the phony website, the individual is asked to confirm their identity with “Social Security and bank information.” Specific information about the individual’s credit card number, expiration date and PIN number is then requested. “Whether on our online website or by phone, Social Security will never ask you for your credit card information or your PIN number,” Commissioner Barnhart said.
Inspector General O’Carroll recommends people always take precautions when giving out personal information. “You should never provide your Social Security number or other personal information over the Internet or by telephone unless you are extremely confident of the source to whom you are providing the information,” O’Carroll said.To report receipt of this email message or other suspicious activity to Social Security’s Office of Inspector General, please call the OIG Hotline at 1-800-269-0271. (If you are deaf or hard of hearing, call the OIG TTY number at 1-866-501-2101). A Public Fraud Reporting form is also available online at OIG’s website http://www.socialsecurity.gov/oig/hotline/index.htm.
Friday, July 13, 2007
Monday, July 2, 2007
WHAT EXACTLY IS IDENTITY THEFT?
IDENTITY THEFT
Identity Theft occurs when someone uses your personal information such as your name, Social Security Number, or other identifying information, without your permission, to commit fraud or other crimes. Individual identity theft victims may experience a severe loss in their ability to utilize their credit and their financial identity. This loss can be short in duration, or may extend for years. It may result in the inability to cash checks, obtain credit, purchase a home or, in the most insidious cases, the arrest of the individual for crimes committed by the identity thief.
Indications of Identity Theft
The following occurrences are some of the indications of identity theft:
Charges occurring on your accounts that you did not authorize.
If your credit is denied due to poor credit ratings, despite good credit history.
If you are contacted by creditors regarding amounts owed for goods or services that you never obtained or authorized.
If your credit card and bank statements are not received in the mail as expected.
If a new or renewed credit card is not received.
Identity Theft/Fraud Prevention Measures
Everyone should be aware of measures that can be taken to either prevent or minimize their chances of becoming a victim of fraud. Some of these measures are as follows:
NEVER give personal information via telephone, mail or Internet, unless you initiated the contact.
Store personal information in a safe place.
Shred credit card receipts and/or old statements before discarding in a garbage can - - If you don’t have a shredder, then use scissors.
Protect PINs and passwords.
Carry only the minimum amount of identifying information.
Remove your name from mailing lists for pre-approved credit lines or telemarketers.
Order and closely review annual copies of your credit report from each national credit reporting agency (Equifax, Experian, and TransUnion). You will find contact information for all three agencies attached.
Request the Department of Safety to assign an alternate driver’s license number if it currently features your Social Security Number.
Ensure that your PIN numbers cannot be observed by anyone while utilizing an ATM or public telephone.
Close all unused credit card or bank accounts.
Contact your creditor or service provider if expected bills do not arrive.
Check account statements carefully.
Guard your mail from theft.
Identity Theft occurs when someone uses your personal information such as your name, Social Security Number, or other identifying information, without your permission, to commit fraud or other crimes. Individual identity theft victims may experience a severe loss in their ability to utilize their credit and their financial identity. This loss can be short in duration, or may extend for years. It may result in the inability to cash checks, obtain credit, purchase a home or, in the most insidious cases, the arrest of the individual for crimes committed by the identity thief.
Indications of Identity Theft
The following occurrences are some of the indications of identity theft:
Charges occurring on your accounts that you did not authorize.
If your credit is denied due to poor credit ratings, despite good credit history.
If you are contacted by creditors regarding amounts owed for goods or services that you never obtained or authorized.
If your credit card and bank statements are not received in the mail as expected.
If a new or renewed credit card is not received.
Identity Theft/Fraud Prevention Measures
Everyone should be aware of measures that can be taken to either prevent or minimize their chances of becoming a victim of fraud. Some of these measures are as follows:
NEVER give personal information via telephone, mail or Internet, unless you initiated the contact.
Store personal information in a safe place.
Shred credit card receipts and/or old statements before discarding in a garbage can - - If you don’t have a shredder, then use scissors.
Protect PINs and passwords.
Carry only the minimum amount of identifying information.
Remove your name from mailing lists for pre-approved credit lines or telemarketers.
Order and closely review annual copies of your credit report from each national credit reporting agency (Equifax, Experian, and TransUnion). You will find contact information for all three agencies attached.
Request the Department of Safety to assign an alternate driver’s license number if it currently features your Social Security Number.
Ensure that your PIN numbers cannot be observed by anyone while utilizing an ATM or public telephone.
Close all unused credit card or bank accounts.
Contact your creditor or service provider if expected bills do not arrive.
Check account statements carefully.
Guard your mail from theft.
Social Engineering
What is Social Engineering?
Social Engineering is basically tricking people into revealing their personal information, passwords or other information that can compromise system security. A classic social engineering trick technique is for a hacker to make telephone calls or to send emails claiming to be a Help Desk technician, a system administrator or important management personnel.
The following are some examples of social engineering:
By telephone – The caller pretends to be someone in authority or someone needing assistance. The caller attempts to get you to reveal your logon information, information about your system or software, information about your organization’s staff or structure, etc. They may even attempt to get you to change your password to something they suggest, open an e-mail attachment they will send you, or visit a certain web site.
By e-mail – The sender pretends to be someone in authority or someone needing assistance, and sends an e-mail message to you requesting you to forward sensitive but unclassified (SBU) information via e-mail.
In person – A person walks through your office looking for sensitive information at desks, printers, fax machines, desktops, computer screens, etc. Social Engineering can also be done at Trade Shows/Conferences such as when you exchange information. They may also directly request the sort of information mentioned in the “By telephone” and “By e-mail” sections above.
In writing – A document transmitted via postal mail, inter-office mail, hand delivered, etc. can be used for social engineering.
On the Internet – Phishing (pronounced “fishing”) is a scam that uses links to the Internet to deceive users into disclosing personal information for the purpose of identity theft. Identity theft is the illegal use of another’s personal information in order to steal money from their personal accounts and commit fraud while impersonating the person whose identity was stolen. It often starts with e-mail that appears to come from legitimate companies or organizations (e.g., Employee Express, Citibank, AOL, etc.) and contains links to their official web sites. In fact, the e-mails are sent by criminals and link users to fake web sites, where they are asked to provide information like account numbers, PINs, Social Security numbers, etc. that will be used to commit identity theft.
In the trash – Dumpster diving is the recovery of information from paper products or electronic media that has been discarded.
Social Engineering is basically tricking people into revealing their personal information, passwords or other information that can compromise system security. A classic social engineering trick technique is for a hacker to make telephone calls or to send emails claiming to be a Help Desk technician, a system administrator or important management personnel.
The following are some examples of social engineering:
By telephone – The caller pretends to be someone in authority or someone needing assistance. The caller attempts to get you to reveal your logon information, information about your system or software, information about your organization’s staff or structure, etc. They may even attempt to get you to change your password to something they suggest, open an e-mail attachment they will send you, or visit a certain web site.
By e-mail – The sender pretends to be someone in authority or someone needing assistance, and sends an e-mail message to you requesting you to forward sensitive but unclassified (SBU) information via e-mail.
In person – A person walks through your office looking for sensitive information at desks, printers, fax machines, desktops, computer screens, etc. Social Engineering can also be done at Trade Shows/Conferences such as when you exchange information. They may also directly request the sort of information mentioned in the “By telephone” and “By e-mail” sections above.
In writing – A document transmitted via postal mail, inter-office mail, hand delivered, etc. can be used for social engineering.
On the Internet – Phishing (pronounced “fishing”) is a scam that uses links to the Internet to deceive users into disclosing personal information for the purpose of identity theft. Identity theft is the illegal use of another’s personal information in order to steal money from their personal accounts and commit fraud while impersonating the person whose identity was stolen. It often starts with e-mail that appears to come from legitimate companies or organizations (e.g., Employee Express, Citibank, AOL, etc.) and contains links to their official web sites. In fact, the e-mails are sent by criminals and link users to fake web sites, where they are asked to provide information like account numbers, PINs, Social Security numbers, etc. that will be used to commit identity theft.
In the trash – Dumpster diving is the recovery of information from paper products or electronic media that has been discarded.
Subscribe to:
Posts (Atom)