Protecting yourself against identity theft and fraud begins with knowledge. The more you know about the risks that exist, the more you can become empowered to take measures to prevent yourself from becoming a victim. We hope this glossary helps you become better acquainted with the most common terms associated with Identity theft.
A device used to scan and save information from credit cards, drivers licenses, passports, medical cards and other laminated cards. Unfortunately, these devices are readily accessible to buy online.
Crimeware is a class of malware designed specifically to automate cybercrime. Crimeware (as distinct from spyware, adware, and malware) is designed (through social engineering or technical stealth) to perpetrate identity theft in order to access a computer user’s online accounts at financial services companies and online retailers for the purpose of taking funds from those accounts or completing unauthorized transactions that enrich the thief controlling the crimeware. Crimeware also often has the intent to export confidential or sensitive information from a network for financial exploitation. Crimeware represents a growing problem in network security as many malicious code threats seek to pilfer confidential information.
The unintended disclosure of information that compromises the security of personal information, and can often lead to instances of identity theft.
Dishonest advertising-supported software automatically plays, displays, or downloads misleading advertisements to a computer after the software is installed on it or while the application is being used. Some may also be spyware or classified as privacy-invasive software.
Software that secretly and automatically installs on your computer when you visit certain websites. The user is usually unaware that anything was installed until after the fact.
Dumpster Diving is an activity in which thieves delve through trash, looking for personal mailings and documents. Thieves who resort to this method are often less experienced, or need to acquire the information quickly.
Any act or practice resulting in the loss of someone’s rights or property. It usually involves making false and misleading representations with the intention of cheating or stealing from another person.
Someone who exploits security holes in technology for any purpose.
Programs that can use your computer to dial expensive phone calls that later show up on your phone bill.
Identity fraud is different from identity theft. ID fraud is using personal information that is made up rather than stolen from a real person.
Identity theft occurs when a thief steals someone else’s personal information as his own, creating a new identity of an existing person. Some ID theft items can include a social security number, driver’s license number, usernames and passwords, employee ID number, mother’s maiden name, and account information, including bank accounts and credit accounts.
A software development tool that captures the user’s keystrokes. Its intended use is to measure employee productivity on clerical tasks. Keylogging has been abused by individuals who can easily buy the tool to spy on computers and obtain passwords or encryption keys.
Thieves steal paper mail from your mailbox to obtain personal information, pre-approved credit card applications, medical insurance statements or any other information that will help them get credit in your name.
Short for “malicious software,” it refers to any harmful software. Malware includes computer viruses, worms, Trojan horses, and also spyware.
Hackers redirect internet traffic from one website to a different, identical-looking site in order to trick you into entering your username and password into the database on their fake site. Your computer or DNS server has been hijacked into going to the fake site.
Thieves trick someone into giving them confidential information, usually through links within emails sent to the user falsely claiming to be a legitimate business or company in order to scam the user into giving private information. In most cases, these emails appear to come from financial institutions.
Thieves collect individual’s personal information under false pretenses such as posing to be from a charity or other legitimate organization. This is typically done over the phone or via email.
Scareware comprises several classes of scam software, often with limited or no benefit, sold to consumers via certain unethical marketing practices. The selling approach is designed to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics. A tactic frequently used by criminals involves convincing users that a virus has infected their computer, then suggesting that they download (and pay for) antivirus software to remove it. Usually the virus is entirely fictional and the software is non-functional or malware itself.
A statement added to one’s credit report when a credit bureau is notified that the consumer may be a victim of fraud. It remains on file for 90 days and suggests that creditors should request proof of identification before granting credit in that person’s name. Once a security alert is in place, the report is no longer available for online viewing.
A rootkit is a software system that consists of one or more programs designed to obscure the fact that a system has been compromised. Contrary to what its name may imply, a rootkit does not grant a user administrator privileges, as it requires prior access to execute and tamper with system files and processes. An attacker may use a rootkit to replace vital system executables, which may then be used to hide processes and files the attacker has installed, along with the presence of the rootkit.
Search Engine Optimization Poisoning is when hackers manipulate search engine results to get malware site at the top of search engine or poison top ranked legitimate sites with injected or implanted malicious code to redirect to a malicious site or download code onto the viewer’s computer.
Unsolicited commercial emails. Many of these come from legitimate companies but many also come from questionable businesses.
A fraudulent website or email that appears to be from a well-known company and attempts to get you to provide, update or confirm personal information. Similar to pharming.
General term for any technology that gathers information about a person or organization without their knowledge. Advertisers or other interested parties often use spyware programming to gather and relay information.
Unlike a virus, Trojan horses contain or install malicious programs that can run autonomously, masquerading as a useful program, or hack into the code of an existing program and executes itself while that program runs.
Malicious programs with the ability to replicate and install themselves, or infect, a computer without the computer user’s knowledge or authorization. Viruses are often unintentionally downloaded when the user accidentally clicks on a link to a virus.
Using Voice over Internet Protocol (VoIP) phone numbers to steal user information.
Computer viruses which can self-replicate by resending themselves via email or a network message.