| td> | | | | and other private data. Some of their clients are |
| No doubt, by now, you’ve been warned | | | | major banks and insurance companies. Pretexting |
| about "phishing". Phishing attempts to steal | | | | has often been the corporate investigative tool of |
| personal information via faked websites or bogus | | | | choice. |
| "official" communications, designed to lure the user | | | | The most notorious example of this practice |
| into providing information via web forms. There | | | | coming to light recently has been the drama |
| are numerous tools now available to help protect | | | | played out at Hewlett Packard, where the board |
| users against phishing, which is a fairly "passive" | | | | chairwoman and other HP luminaries hired an |
| form of social engineering. The recent scandal at | | | | investigative agency to track the source of leaks |
| Hewlett Packard brought a more sophisticated | | | | coming from board meetings. The investigators, in |
| form of identity theft via social engineering to the | | | | turn, engaged in pretexting to attempt to gain |
| public consciousness: pretexting. | | | | phone records on a suspected board member and |
| According to the Federal Trade Commission, | | | | on the journalist(s) who were writing stories |
| pretexting is the practice of getting your personal | | | | based on the links. |
| information under false pretenses. Pretexters sell | | | | Computer hackers call the use of an assumed |
| your information to people who may use it to get | | | | identity "social engineering." That's an endearing |
| credit in your name, steal your assets, or to | | | | title for theft, but the fact is that this type of |
| investigate or sue you. That information may | | | | behavior has been in the news for some time |
| include your Social Security Number (SSN), | | | | preceding the HP fiasco. Presidential candidate |
| telephone records and your bank and credit card | | | | Wesley Clark had his cell phone records purchased |
| account numbers. | | | | by a blogger, who turned them into a major |
| Pretexters use a variety of tactics to get your | | | | political story. The HP story has resulted in an |
| personal information. For example, a pretexter | | | | investigation by the California Attorney |
| may call, claim he's from a survey firm, and ask | | | | General’s office, which says that it |
| you a few questions. When the pretexter has the | | | | currently has six "major" pretexting cases under |
| information he wants, he uses it to call your | | | | investigation, all of them corporate in nature. |
| financial institution. He pretends to be you or | | | | HP’s filing with the Security and Exchange |
| someone with authorized access to your account. | | | | Commission regarding this matter states in part |
| He might claim that he's forgotten his checkbook | | | | that, "The (HP board) Committee was then |
| and needs information about his account. | | | | advised by ... outside counsel that the use of |
| In this fashion, the pretexter may be able to | | | | pretexting at the time of the investigation was |
| obtain personal information about you such as | | | | not generally unlawful (except with respect to |
| your SSN, bank and credit card account numbers, | | | | financial institutions)..." |
| information in your credit report. Pretexting is the | | | | The Federal Trade Commission’s web site |
| key to identity theft, which most commonly | | | | section on this issue reads as follows: "Pretexting |
| results in credit card fraud, bank fraud, loan fraud | | | | is the practice of getting your personal |
| and communications fraud (opening a phone | | | | information under false pretenses. Pretexters sell |
| account fraudulently). | | | | your information to people who may use it to get |
| However pretexting is also alive and well in the | | | | credit in your name, steal your assets, or to |
| private gumshoe community: investigators | | | | investigate or sue you. Pretexting is against the |
| ostensibly working quietly but aboveboard for | | | | law." |
| legitimate clients. There is a thriving network of | | | | HP’s investigators are currently under |
| creative con artists who gather phone records | | | | indictment. |