It may be the Sherlock Holmes story called “The Red-Headed League” by Sir Arthur Conan Doyle that first immortalized a business scam in literature. In that case, the scam was set up to remove someone from his usual place of work in order to commit a theft. These days, identity theft scams — swindles intended to gain enough information to co-opt someone’s personal information, such as credit card numbers, Social Security number, bank accounts, and user names and passwords — are much more common than fake jobs simply to get a person to change his or her daily schedule.
Identity theft scams can take place through the mail, through newspapers, through phone calls, or online. Some are capable of being carried out through a variety of different media. They have in common that they attempt to get at least one piece of valuable personal information in order either to exploit it or to use it as the basis for getting more.
One of the identity theft scams that does involve a phony job may work in several ways. In one version, in order to be hired, one needs to download software program to work with. The program is actually malware designed to steal information. Alternatively, the wonderful position will be available to the target after he or she fills in a job application and tax forms. If the target of this attack follows the rules for verifying company information, such as checking their website, ascertaining their physical location, and ensuring that the emails from representatives aren’t just free email service addresses, then he or she is more likely to recognize the scam for what it is.
Another of the oft-used identity theft scams involves informing the target that he or she has won a lottery, often in a foreign country. The target’s name, address, and Social Security number — for tax reporting — are all that is necessary to secure this windfall, the target is told. If the target follows the basic rule of thumb that authentic, aboveboard companies never ask people to divulge personal information over the phone, she or he will avoid being taken in. A variant, informing the target that he or she has inherited great wealth from a distant relative, may follow a similar plan or may request the target for bank account information in order to make a deposit.
Online identity theft scams may take a variety of forms. Some of these types of scams are phishing, in which the scammer tries to lure the target into divulging valuable personal information either directly or by downloading a file that is actually malware made to steal passwords, account numbers, etc. Spoofed websites — impersonations of authentic websites that encourage typing in usernames and passwords or downloading files — are used to the same ends. Other ways of attempting to obtain this information uses screenlogging and keylogging — both of which record the target’s entries into what are supposed to be secure sites — and session hijacking, which takes over a user’s interactions, once he or she has logged into an account or initiated a transaction.
