Anti-Phishing Blog


Monday, October 30, 2006

How Much ID Theft Starts on the Web?

Last week, Javelin Strategy & Research released a study on identity theft. This reinforces some earlier reports we've read indicating that the majority of the theft does not start with those phishing emails or phony web sites. Despite some recent big losses at E-Trade Financial Corp. and TD Ameritrade, Javelin reports that 90 percent of the thefts start with "old school" methods such as stolen bank statements, credit card bills, stolen checks and passwords. "The Internet always grabs the headlines, but it is individuals who are close to the victims, such as family and friends, that are doing most of it," said James Van Dyke, president of Javelin.

One in ten cases starts with the Web, email, a faked web site, or some other means of obtaining confidential consumer information. Javelin reports four percent of Americans were affected by identity theft in 2005. While this number is decreasing, the amount of each loss is growing. So there are fewer losers, but more losses.

While these numbers may influence your collateral materials and talk-offs to point your customers in the right direction for their own data security, as a financial institution you must remain ever vigilant in your own efforts. You must protect your customer data and you must encourage the customer to do the same. Even if a customer suffers a loss due to their own negligence, you may suffer the blame in whole or in part, and may still lose that customer as they try to re-establish themselves, but at another institution.

Promote to your customer what you are doing. Tout your efforts in multifactor authentication, and tell the customer what you will be doing in the near future and what you won't be doing. Tell them you won't be asking them for their account number, SSN or debit card information. Tell them that scammers may ask for it, and how they should contact you in the event someone does target them. Sometimes the best defense is a good offense.


Wednesday, October 18, 2006

Phishing Doesn't Really Work, Or Does It!

Indiana University conducted a survey, "Designing Ethical Phishing Experiments: A Study of eBay Query Features," which may elevate your phears of being phished. While the Gartner Group estimated that three percent of recipients fall for these fraudulent messages, IU's study reveals a much higher number: 14 percent!

Gartner's estimates don't include unreported incidents, as many people are embarrassed to admit they were phished or don't yet know that they were. The IU study sent a faked message just as a phisher would. They elected an eBay fraud because of its popularity in the real world interface to cyberspace. A phishing message would normally send confidential information back to those wanting to commit theft. The IU message sent back a confirmation that the user had logged on. It could just as easily have been the confidential data. And these are not estimates; these are hard numbers.

Click here to read the PDF report "Designing Ethical Phishing Experiments: A Study of eBay Query Features."


Tuesday, October 17, 2006

A New Nigerian 419 Scam, Overnight Delivery

We're hearing of a new scam, since so many people are now familiar with the Nigerian 419 scam. The old scam was something like "I found $36 Million and it doesn't belong to anyone. I need to move it out of the country and I picked you to help me out of every other person in the world. I'll give you $4 Million if you help me."

The new scam includes the sale of an expensive motorcycle or car (Suzuki Katana GSX−600 4500 or a BMW Z3 Roadster) offered through a site like autotrader.com or car.com. The sales price is too good to be true. But the buyer is asked to pay shipping and the ship-from site is usually in Spain or another European country.

The seller recommends that the buyer use an escrow site and then ship with DHL or Lufthansa Cargo. The websites and escrow companies referred to are faked. Some even caution the user to watch out for Internet fraud. And naturally, no shipping ever happens as there was nothing to sell.

While seen in Europe for now, this is yet another scam to watch for and to caution your customers about.