Pages

Saturday, 8 November 2014

Pretexting and how it affects our life?


Definition - What does Pretexting mean?

Pretexting is a social engineering technique in which a fictional situation is created for the purpose of obtaining personal and sensitive information from an unsuspecting individual. It usually involves researching a target and making use of his/her data for impersonation or manipulation. Personal data may include Social Security numbers (SSN), usernames, passwords or other privileged information.
An important aspect of pretexting is establishing a target's trust. Because information is power, research is the most important aspect of pretexting. For example, the ability to impersonate a tech support representative or telemarketer is useless if a particular target does not accept unknown calls.
Calls from service providers of credit cards, loans and insurance are commonly used. In such cases, a target may be asked to bypass paperwork and apply and agree to service terms over the phone. Under a pretexting scam, a fraudulent caller is likely to have some of this information but ask for other details. For example, a caller may ask for a SSN or even usernames and passwords associated with a bank account.

Legitimate calls are easily identifiable because a caller knows an individual's information and will only ask for an agreement confirmation to complete a transaction.

Many identity thieves have gained their victim’s financial and personal information using outright theft of documents, mail, or computer files. Some, however, use a sneaky technique, called “pretexting,” to trick a victim into literally handing over the very information that will be used to steal their identities.  What is pretexing? It’s the practice of obtaining your personal information under false pretenses. The criminals practicing this scam (called “Pretexters”) then sell your information to people who may use it to get credit in your name, steal your assets, or to investigate or sue you. Pretexting is against the law. 


Pretexters use a variety of tactics to get your personal information. For example, a pretexter may call, claim he's from a survey firm, and ask you a few questions. When the pretexter has the information he wants, he uses it to call companies with whom you do business. He pretends to be you or someone with authorized access to your account. He might claim that he's forgotten his account number or needs information about his account history. In this way, the pretexter may be able to obtain personal information about you such as your Social Security Number, bank and credit card account numbers, information in your credit report, and the existence and size of your savings and investment portfolios. Keep in mind that some information about you may be a matter of public record, such as whether you own a home, pay your real estate taxes, or have ever filed for bankruptcy. It is not pretexting for another person to collect this kind of information. 

By law, it's illegal for anyone to: 

  • use false, fictitious or fraudulent statements or documents to get customer information from a financial institution or directly from a customer of a financial institution.
  • use forged, counterfeit, lost, or stolen documents to get customer information from a financial institution or directly from a customer.
  • ask another person to get someone else's customer information using statements or documents as described above.
To protect yourself from pretexting, never provide personal, confidential, or financial information to individual initiating contact with you. If they claim to represent a company you do business with, tell them that in order to protect yourself against identity theft, you will need to reinitiate contact with this company. Most pretexters give up here. But even if you are provided with contact information, first use a number you know to be legitimate (from a bill or the phone book) to confirm the individual’s employment and authorization to request your info. If you don’t recognize or have a business relationship with the entity attempting to get information, do not provide it!

No comments:

Post a Comment