MALWARE – Malicious Software

You’ve probably heard the term Malware, but do you really know what it is and how it gets onto your devices?

Malware refers to malicious software that is unwittingly downloaded on your computer or other devices. Once downloaded, you will more-than-likely become a victim of identity theft.

Malware
My Malware Protection Recommendation

Malware Infections Happen in Several Ways: 

Links or Attachments in Emails & Text Messages: You may open an attachment or click on a link in a phishing email or text message. Fraudsters will include links with an urgent message to entice or require you to click on them. In other words, the message is crafted to convince you that there is a need for you to take action or suffer the consequences of your inaction.

Fake Websites: Scammers often create authentic-looking, but fake websites, to trick you into entering your personal information. You may think you’re purchasing merchandise at a great price, or applying for a job, or perhaps you clicked on an article that caught your interest. Oftentimes, you just landed on a fake website because you typed the website address incorrectly by misspelling it or clicked on the wrong website during an internet search.

E-cards: These electronic cards are a fun and inexpensive way to celebrate a special occasion or holiday. But e-cards can be dangerous if they do not originate from a well-known e-card website. If someone sends one of these to you and it originated from a fake website, you may download Malware instead of an e-card.

Scammers: The “Tech Support Scam” is a good example of how it’s done.  An imposter, claiming to be from Microsoft, contacts you. They manage to convince you that your computer is infected with a virus. Next they ask you to give them control of your device, so as to assist you with getting rid of the virus. Alternatively, the imposter may convince you to download a program from their fake website to help erase the virus. Just realize that whichever of these options you choose, you will instead, be actually infecting your computer with Malware.

Once Malware is installed – you have opened yourself up to identity theft.

The malicious program will allow a criminal to have access to all the files on your computer. If you have any files that have personal information, such as copies of your credit report, tax return, bank or financial statements, the criminal will then be able to view all of these files.

Additionally, all the email addresses of those in your contact list will be readily available to exploit. The criminal will use the Malware program to send SPAM emails to everyone in your contact list – which will include tainted malicious links or attachments. Recipients of these SPAM emails, will think it is safe to open them, because the email came from you. As a result, everyone in your contact list can easily be infected with the same Malware.

Worst of all, the Malware program gives the criminal the ability to log (read) your keystrokes. This keystroke-logging program allows them to capture the pins, passwords, credit card or other personal information whenever you type them, via your keypad.

Moral of the story: 
  • NEVER click on links or open attachments in email or text messages.
  • Be wary of emails containing links or attachments even IF they appear to come from someone you know.
  • Type all website addresses very carefully.  Take notice how easy it is to misspell a web address or add or miss a letter. For example: ammazon.com or amzon.com or amazon.cm
  • Be careful what you click on when browsing the internet, including Ads, surveys or discount coupons – even on legitimate websites.
  • Don’t open e-cards unless you’re sure it’s legitimate. Do not open it if the sender is unknown to you.
  • Never give control of your computer to anyone you don’t know or trust.

SYNTHETIC IDENTITY THEFT

According to the Federal Trade Commission, 80 to 85% of all identity fraud stems from Synthetic Identity Theft. Fictitious identities are created when an Identity thief creates a fresh new identity using elements of valid and/or fabricated forms of personal information.

As an example – a thief with a stolen valid Social Security number will combine it with a fake name, address and date of birth to create a brand new identity.  Because a valid Social Security # is used, there is no actual victim or true identity behind this false combination of identity elements.

Synthetic Identity Theft

 

Once Created – The Mischief Begins!

The merger of this real and fake personal data is then used to commit criminal, medical or financial fraud. Once an ID thief creates a new synthetic identity, they will attempt to apply for loans, credit or a job; get medical services, obtain cellphone service or even use the synthetic ID if they get arrested.

Remember that this newly created identity still contains your social security # as the main component and source of reference. Therefore, it becomes part of a fragmented or sub-file to your main credit file.

Additionally, fraud alerts, credit freezes and credit monitoring services will not indicate that anything is amiss. These usual protective measures do not stop Synthetic Identity Theft.

Unfortunately, the massive Equifax data breach, reported in September of 2017, exposed the valid social security numbers of nearly 148 million Americans. Realize also that those stolen social security numbers have already been purchased by criminals on the dark web – in underground black markets. Unfortunately, you cannot change your social security number!

 

What are Banks and Credit Card Companies Doing to Combat This?

Financial institutions understand the need to use any and all tools available to stop synthetic identity theft. They’re using advanced analytics, device intelligence and monitoring of underground websites. Credit Bureaus utilize tools that are able to detect when identity elements appear to be used inconsistently. They have developed analytical scores that help them determine whether a Social security # and identity belong to the right person.

A new federal law should also make it easier for creditors to verify ownership of a Social Security # with the Social Security Administration – which should help them verify that credit applicants actually exist.

 

THERE’S NO SILVER BULLET – BUT THESE STEPS MAY HELP

  • Only use an identity theft monitoring service that includes dark web monitoring. The service will check for personal identity elements, such as a SSN, that may have been exposed in a recent data breach.
  • It’s still worth placing a credit freeze with all three of the credit bureaus. Credit Freezes are now FREE in all 50 States as of September, 2018. Here’s is a previous article of mine explaining how to place a freeze
  • Get your free credit report at annualcreditreport.com from one of the three credit bureaus and check to see that there hasn’t been any unauthorized accounts opened.
  • A child’s SSN is often used to create Synthetic ID Theft. So, be sure to also place a credit freeze for your minor children as well.
  • National databases hold the key to discovery of Synthetic ID Theft. The DMV, insurance companies, data brokers, employers, prison or police records may all contain synthetic identities that include your social security number. Use a credit monitoring service that checks national databases.

 

Synthetic identity theft is a complicated and growing problem because it’s hard to detect and prevent this type of fraud. Once these synthetic identities are created, they become ‘verifiable’ identities and can therefore pass traditional security checks.

Unfortunately, it’s going to be up to you to be ever diligent if you want to protect yourself in the age of rampant fraud and deception.