I have seen “pretexting” in the news far too much without commenting on it.
What is pretexting? According to wikipedia it is “the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is usually done over the telephone”.
So in other words its a specific type of social engineering. Or as I like to call it: fraud.
Lets not beat around the bush on this one. If you contact a company and pretend to be me in order to get information about me, or acquire a service or funds that you are not entitled to, you are committing fraud (and I will beat you down).
Having been the victim of both identity and credit theft, I take privacy very seriously. But yet even a thorough understanding of privacy and paranoia is still not enough.
The first time it happened someone forged my signature (convincingly too) to have all of my mail forwarded to Texas. The motivation on this one is still unclear, but it took the post office months to straighten my mail out.
The second time I was a victim of credit card “double-swipe”. While at a gas station in Ontario, CA someone swiped my debit card through a modified card reader. This reader recorded the information stored on the strip on the back of my card. They also recorded my CVV (the 3 digit code on the back of the card) and used the information to print a new magnetic strip and clone my debit card. It was used for ‘card in hand’ transactions in Toronto.
Neither of these events could have been prevented… by me. However with proper legislation our government could force private industry to implement effective safe guards against these sorts of attacks. Unfortunately until these safe guards are mandated or they become cost effective, they will never happen, and we as consumers will continue to suffer.
A prime example of this country moving in the wrong direction is the recent HP verdict. The top levels of the company condoned (nay, encouraged) pretexting and got off with no jail time.
And now we are seeing pretexting causing issues with xbox live.
We have to be clear with law makers that we will no longer sit by and let our personal data be stolen and sold.
Until we can convince law makers that this sort thing will not be tolerated all we can do is learn how to protect yourself and support organizations that are trying make things right.
Electronic Privacy Information Center (EPIC)
Identity Theft Resource Center
Privacy Rights Clearinghouse
Privacy Laws by State (source: Epic.org)