Fraud

Hang-ups: Hackers May Be Targeting Your Phone

By Kim Boatman

Don’t be too quick to dismiss a barrage of strange calls to your cell or home phone. It could just be pranksters or a mistake -- or it could be an indication that thieves are targeting your financial accounts. 

The FBI is warning the public about a sophisticated scam where criminals couple social engineering with computer-based denial-of-service attacks to a victim’s phone line in order to loot their accounts. Think you’re not a likely target? When it comes to this form of identity theft, you should think again, say security experts.

“Every one of us has the potential to become the victim of identity theft,” says Wayne Ivey, a Florida-based law enforcement veteran who works as a liaison with LifeLock, an identity protection company. “I’ve been the victim of identity theft twice.”

How the scam works
The attack might take weeks or months to unfold, according to the FBI. Criminals gather personal information about a victim from social networking sites or through phishing attempts, where the victim may give out information in response to an email or call.

The thieves may also use malware to gather information, such as account numbers and passwords from a personal computer. Once they have the information in hand, the bad guys either contact financial institutions, posing as the victim, or attempt to remove funds straight from the victim’s accounts.

This is where the calls come in. Using Voice over Internet Protocol (VoIP) automated dialing programs, the thieves besiege the victims’ phone lines so the financial institution can’t call to confirm the transaction. The bad guys then call the institution, posing again as the victim, and approve the transaction.

How to protect yourself
Security experts and the FBI offer several steps you can take to protect yourself against these attacks:

• Use your bank’s security methods. Ask your bank to require two ways of authenticating your identity, suggests Steve Santorelli, a former Scotland Yard computer crime detective who now works as director of global outreach for Team Cymru, a nonprofit Internet security research group. You can also request that they notify you before approving a transaction beyond a dollar amount you designate, says Ivey. And be sure to evaluate their overall security level. “If your bank doesn’t have a good approach to security, you should switch to a bank that does,” says Santorelli.
  

• Regularly review bank accounts and credit history. If you bank online, check your account for fraudulent activity each day, recommends Ivey. Also review your credit report on a regular basis.

• Use robust passwords. Many of us struggle to remember passwords, so we use the same simple password across all our accounts. To help you keep track of your passwords but still stay safe, try establishing five or six robust passwords, each containing letters and numbers, then designate a password for each area of your life, suggests Santorelli. For instance, you might use one password for work, another for social networking and a third for financial transactions. “When I change one of the passwords, I then change it for that whole section of my life,” explains Santorelli. That way, if one of your passwords is compromised, it won’t affect all of your accounts. Remember to change passwords frequently.
  

• Limit personal information. Social networking sites are a fact of life for most of us these days. Understand what you are sharing and with whom. “Dates of birth, addresses, children’s names -- all of those are potential bullets, ammunition for identity thieves,” says Ivey. Be vague. Offer a city but not an address, your name and age but not a birth date.

• Use strong, regularly updated security software. Criminals can use malware to track your keystrokes or to obtain sensitive financial information from your computer. Protect yourself by using security software and updating it regularly.

Most important, don’t underestimate how easy and lucrative it is for criminals to gather the information needed for such an attack as this, cautions Santorelli. “It’s a bunch of guys sitting in Moscow or Kiev,” he explains. “If they can invest a half-hour researching one individual, it’s actually a pretty good hourly rate. Even if they only get a hit once out of every five times, it’s worth their time.”