Social Engineering

One of the most clever ways of engaging in identity theft is through what has been come to be know as "social engineering." In short, social engineering simply means tricking someone into believing they are providing information to a legitimate source. Another method of acquiring personal information that can be grouped under the heading of social engineering is "dumpster diving," or rummaging through trash.

In both cases, these are ways of getting a person's vital personal information in order to commit a crime without the person knowing. In most cases people who have been the victims of social engineering had a hand in helping the thieves get the information.

Telephone Tricks

A very popular way to socially engineer access to personal information is by using the phone. This can be done many ways but one common example is the phone call that begins, "you are receiving this call because you answered an ad or requested information about … ." Often the caller also might add "you have a credit card with the last four digits … ." Then they ask for permission to use that card. In the process of the call, the potential victim might be tricked into giving out the entire credit card number or providing other identifying information such as their Social Security number.

These and other calls, such as those asking the person to answer questions for a survey, might well be legitimate, but they might not. It is not uncommon for the social engineer to mask the request as part of defense against fraud. Savvy social engineers catch a person off guard by claiming that someone else has tried to gain access to their account information, they then claim that in order to reactivate the account they must get confirmation of account numbers and often other information, such as log in names and even passwords. Before long the victim has handed over just the information the thieves wanted.

The Internet

Scams such as this are becoming quite common on the internet. People whose email addresses have been sold and resold many times to mass mailers can get two or three such fraudulent emails a day. Just as with social engineering by telephone, the thieves often disguise the attempt to gain the information by saying they are trying to investigate fraud. In many cases these can take the form of legitimate-looking surveys or web sites with similar – but not quite the same – names as established companies.

One such tried and true scam is known as the "Nigerian" letter. This email is sent supposedly by someone in Nigeria (or any number of other countries these days) asking for monetary help. The fictional “Nigerian” is supposedly caught in civil war and unable to gather necessary funds to “escape.” Once the recipient, who is promised a portion of the money if they help, gives out their bank information, there is a withdrawal but no deposit.