
Phishing Seminar References

Thank you for attending Don't Fall Victim to Identity Theft.  Here is the data from which the presentation was built.  If you've reached this page without having seen the presentation, please email me to set up a time!  It all makes more sense when we've walked through the material together.

Cross References

The seminar is written so that many other resources on this web site may come up.  I encourage you to examine the Resources tab above, particularly the Basics page, the Identity and Finance page, and the Spam Filtering page.

Primary References

The Register on spear phishing
Brian Krebs reporting on a municipal bank account cleaned out by crooks, probably using a click-to-install bit of malware

The Town that Cyber Crime Built, from Wired (January 2011)

Scam warnings from the FBI

August 2010 Aeon security breach from Business Insurance.  This was the breach that exposed so many Delaware State Employee retirees' personal information.

Another look at that same breach from

A very long, searchable list of breaches. To see the ones likely caused by falling for a phishing email, limit your search to "Hacking or Malware".

An in-depth look at ID theft from Nova / PBS

PC World report about an ID theft scam that played off of the celebrity iCloud compromise

MalwareBytes blog entry about using Twitter to lure people into giving up their login credentials

FBI warning about the Grandparent Scam

Supporting Information

What really happens when you click the link?  A quick blog entry from Sophos' "Naked Security" page* explores the possibilities.  They're talking about "unsubscribe" links in particular, but the same traps can be set under advertising links as well.
(*quite safe for work, not sure why they picked that name)

Michelle Singletary (Washington Post, reprinted by the Wilmington News Journal) wrote a cautionary column exploring the pros and cons of reverse mortgages.

An example of a fake job offer.  The blogger supposes that the victim will be "hired" as a money mule; but it could just as easily be an identity theft scam, where the scammer needs date of birth and SSN through the email for HR.

A tech blogger lets downloaded software have its way with a test virtual machine.  Don't try this at home, folks!  His point is that we should have better visibility into what's happening behind the scenes.  That's good for tech folks, but Microsoft and Apple have spent more than a decade sweeping the moving parts under the rug so we can focus on the experience. I think the better takeaway is, "hey, look at all the stuff that can happen if you click the link and keep on following directions!"

An example of how personal information can be turned into money.  I don't put this on the main site because there's no specific remedy for you, the consumer.  It is down to the organization holding the information (in this case, medical providers) to keep their defenses up.