Home Living
Security Concerns
By Dan Smith

Security Concerns

As personal financial privacy and identity theft continue to grow, the methods employed by the criminal side of the equation continue to evolve. I was recently speaking with a security and fraud expert from Boulder, who was “creatively recruited” by the Navy many years ago. I took this to mean that he had at one time been a part of the problem in the world of high level computer hacking. Long story short, he is now working as a consultant with companies to make sure that their clients information is secure and kept private. One of the techniques he said he still uses most to test an organization is what he calls “social engineering”. He researches the given corporate hierarchy and the names of people in key positions, like the head of the IT department for instance. Then he calls lower level employees with access to the information that is most vulnerable, and poses as one of their superiors/supervisors in a phone conversation. It may involve asking them to test a new password to make sure no one else has been using theirs inappropriately. It may be to enter a new “John Doe” account complete with password, so he can run diagnostics. But the trick is to sell the con in a forceful confident way. Some of his stories were really quite interesting.

This brings up the most important point when it comes to protecting your own identity. Never under ANY circumstances should you ever give out you social security number over the phone, unless you have initiated the call and know exactly who it is you are calling. There are no legitimate companies of any kind that will require you to do so. While many banks and financial institutions ask for the last 4 digits to confirm your identity, none of these organizations ever requires the full 9 digits. So if you ever receive a call from someone posing as a credit card service representative, bank employee, or similar entity who requests that information, you can be assured they are doing just that – posing. Many of my current customers have a very healthy hesitancy to provide their social security number to me on the phone, even when they have initiated the call themselves. That is perfect as far as I am concerned. I always offer them my web site address, so as to allow them to fill out the necessary form in a secure server environment (denoted by the small yellow lock that appears in the lower corner of your browser, when you are at a secure site). Or better yet, I suggest a face-to-face meeting in my office to dispel any notion of fraudulent behavior.

It is likewise just as important to treat incoming emails in just the same way. Anyone who has a PayPal account no doubt has received a “phishing” email asking them to update their account information. However PayPal never sends such requests to its’ customers, and any updates needed would be prompted for at the time you logon to your account, after you directed your browser to their address independently.  So while the email you received may well direct you to a secure server environment after you click on the link provided, you are likely to find you are not at the site you thought you were. You are simply being fleeced of your identity in the same old fashioned way my security friend called “social engineering” above. This technique is becoming more widely used by the crooks daily, and it has involved customers at most of the largest banks and credit card companies. Web sites are easily constructed to look and feel like the real ones. With the average cost of reacquiring a new identity at over $10,000 and literally hundreds of hours of frustration, it pays to be skeptical and safe.

For expert advise on this or any other aspect of home finance, call the professional. Dan Smith can be reached at 303-674-0201. Or visit his web site at www.ColoradHomeLoans.com any time!