Protect Your Paperwork, Mail and Yourself From "Vishing"

This is the time of year where people are getting a lot of stuff in the mail, and they are cleaning their places up to prepare to ring in the New Year. Furthermore, these people have more time off, they are on their computers more, and talking to friends and family on the phone more. Scammers are very aware of this, and they have created new tricks, known as “vishing,” by using the computer, voicemail, and phone to scam you.

More on vishing in a bit.

The Practice of Mailbox Raiding

Most people, when they think of identity theft, believe that it only occurs when a hacker compromises personal information to take over checking accounts or open new accounts with your information. The reality of it is, however, that identity theft most often occurs when the “bad guys” gain access to identifying information via means such as paper records or the telephone. It is through these methods that criminals can obtain your address, name, or Social Security Number, and then they open up or take over accounts that already exist.

While hackers are cracking into databases and stealing millions of records each year, there are also street-level identity thieves that are using low-tech means to steal our identities. These thieves live in and around your neighborhood, and they do things such as steal mail from your mailbox in hopes to obtain information that will give them the opportunity to steal an identity.

What Is Available to Thieves in the Mail?

There are a number of types of mail that thieves can take when going through your mailbox.

  • Bank and financial statements
  • Credit cards
  • Checks
  • Mobile phone bills
  • Utility bills
  • Credit card offers
  • Membership statements
  • Disbursements of funds
  • Benefit statements
  • Tax information
  • Employment papers
  • Social Security statements and checks
  • Income statements

Just one or two of these sensitive documents contain enough information for identity thieves to take over existing accounts or to open new accounts. While some data is often omitted from the statements for privacy, this still isn’t often enough to stop the thieves. They can simply gather the omitted information in other ways, such as impersonating you to get more details.

Dumpster Diving: What Can an Identity Thief Get?

When most people think of dumpster diving, they likely think of homeless people who are in search of their next meal. The homeless and hungry are not the only ones who dive into these dumpsters, however. Criminals also are becoming more aware than ever before of the loot they can get from the trash.

Think, for a moment, about the mail you get each day. What do you do with your bank statements or credit card offers? Are you shredding them? Do you simply throw them in your garbage and take them to the curb? Do you know what your bank does with the paperwork from your cashed check or bank transfers? Do you think the bank shreds them or disposes of them in the right way? The info that an identity thief gains from your mailbox might also be found in the dumpster behind the bank, utility company, mortgage broker’s office, doctor’s office, or even your own trash.

One of my colleagues recently spent three minutes sifting through a dumpster behind a major bank to see what he could gather. In those short minutes, he found a number of records that could be damaging, including those with account numbers, names, and even Social Security numbers. He also found copies of checks with account numbers and EIN numbers printed right on them.

This type of “dumpster dive” gave us enough information to access the bank customers’ accounts or even to steal their identities. Though we were simply doing this for research purposes, and we shredded all of the information we found, not everyone out there is as honest.

Protecting Your Mailbox From a Raid

You can take steps to protect yourself from a mailbox raid by taking the following steps:

  • Discontinue your use of paper statements. Electronic statements in your email are easily managed and more secure than paper…not to mention they are eco-friendly.
  • Get a mailbox that locks. You do not have to provide a mail carrier with the key if you purchase a mailbox that allows them to insert the letters through an opening.
  • Rent a PO Box, and use it for sensitive mail. In this case, only you and the postal carrier have access to this box.
  • Call the post office if you go more than a couple of days without getting new mail. It could have been stolen.
  • Pay attention to when you should expect bank statements or other bills, then you will know if they do not arrive when they are supposed to.
  • Request that your personal information be removed from the lists that are maintained by the Direct Marketing Association. Eliminate all other solicitation, too, to minimize any risky mail.
  • Opt out of any pre-approved credit card offers.

Protecting Yourself From Dumpster Diving

To protect yourself from dumpster diving, make sure that you are not throwing away any item that contains personal information. When deciding what things to discard or shred, keep the following in mind:

  • Is my name on it?
  • Is my full address on it?
  • Does it contain my Social Security number?
  • Does my account number appear?
  • Does my birth date appear?
  • Is this a financial statement?
  • Does the password appear?

If the answer to any of these is ‘yes,’ shred the document before you discard it. The best is a crosscut shredder. Crumbling up the paper or cutting a credit card in two will not protect the information from a thief.

Keep your shredder in an area where you will see it, so that it is convenient. This way, shredding becomes a habit and you can immediately shred any document that has identifying information that you mean to discard. You must make sure that though you might be cautious, others might not be, and this is where you must remain as vigilant as possible and stay in contact with your bank and financial companies about what they do with your information.

What Is Vishing?

Vishing is a type of social engineering in which criminals will call a victim on the phone, and then try to lure them into giving personal information. This info is then used to commit identity theft. The term comes from a combination of “phishing” and “voice.” Phishing is using a spoof email that is designed to trick people into clicking links that are malicious. Instead of a simple email, however, vishing relies on a telephone call, which instructs people to provide personal information, such as account numbers.

The scammers who do this contact targets by both telephone and email in order to reinforce that they are professional. This method is a persistent one, and ultimately, very convincing. The best way to defend against this type of attack is to determine whether or not the communication is legitimate. Do this by reaching out to the business, agency, bank or other entity that is supposedly in contact with you.

The techniques that criminals often use when vishing include:

  • Wardialing: This is a vishing act where the visher uses a system to call specific areas with messages about regional or local banks or credit unions. When someone answers, a recording plays that requests listeners to enter their credit card numbers, bank account information, or debit card numbers with PINs.
  • Caller ID Spoofing: This is when a “bad guy” uses a fake number on a person’s caller ID. A number of legitimate companies use this, but so do criminals. For instance, these criminals might manipulate the caller ID to say the local bank name to trick people into truly believing they work for the bank.
  • Social Engineering: Social engineering is a fancy, more technical, form of telling a lie. Social engineering techniques are used to pass over sophisticated security software and hardware. These automated recordings are often used by criminals to make themselves more convincing.
  • VoIP: VoIP, or Voice over Internet Protocol, is a phone system that is based on the internet. It allows people to vish by using a number of technologies, such as caller ID spoofing, wardialing, and working in tandem. These people are known to use VoIP to make their calls, and will exploit the databases that are connected to the VoIP systems.

Protecting Yourself From Vishing

Having knowledge is the key to protecting yourself from vishing. The better you understand the process, the better off you will be. Do some research on vishing, and asked your bank if they will give you information about vishing online and via mail. This is a rapidly evolving crime and becoming more sophisticated all of the time. So, you must stay up to date. Protect yourself with the following:

  • If you get a phone call requesting personal information, hang up. If you think that the call might come from a legitimate organization, business, or institution, call them back directly to confirm that the request is legitimate.
  • Call the bank to report any suspected fraud. The sooner it is reported, the more quickly the organization can spring into action.
  • Never trust caller ID. It is easily tampered with, and it offers a false sense of security.
  • Document any call in which you give personal information. Write down what info was requested, what information you gave them, and if possible, the phone number and name of the caller. If you suspect fraud, report the call.

Most of us lack the knowledge, time, and resources to protect their identity. Not all of these forms of identity theft and fraud are preventable, which is why it is best to know ahead of time. This climate makes it imperative that you understand and invest in ID theft protection.