Understanding pretexting and six recommendations to protect yourself from pretexters: Internet ScamBusters #197
The #1 Publication on Internet Fraud
By Audri and Jim Lanford
Copyright © Audri and Jim Lanford
All rights reserved.
Today we’ll answer the question: What’s New With Identity
Theft? We’ll focus on pretexting, and also include some info on
a new identity theft standards group.
As always, we first recommend you check out the most popular
articles from our other sites during the past week (especially
the first one):
Gas Station Mishaps Lead to Valid Credit Cards Being Frozen
When’s The Last Time You Requested An Insurance Quote?
Can Generic Groceries Really Live Up to Your Expectations?
What You Need To Know About Health Food
Let’s get going with today’s info on identity theft and
What’s New With Identity Theft? Pretexting.
Imagine getting a phone call from someone from a reputable
sounding research firm asking you to participate in a survey.
The questions they ask seem harmless, including the name of
your phone company, investment firm, and even your pet’s name.
In reality, you may have just been a victim of pretexting.
Pretexting is the practice of getting your personal
information, such as your Social Security number (SSN),
telephone records, bank or credit card numbers, or any other
information, under false pretenses. In other words, a
pretexter pretends they are someone else to obtain your
Pretexters use many different tactics to get your personal
information. One of the most common forms of pretexting is when
someone claims they are from a survey firm, and they ask you a
few questions, as in the example above.
Pretexters claim to be representatives from many different
types of organizations — not just survey firms. For example,
pretexters may also claim to represent banks, government
agencies, local law enforcement agencies, Internet Service
Provides (ISPs), and many others.
The pretexter’s goal is to obtain personal information about
you, such as your SSN, your bank or credit card account
numbers, mother’s maiden name, information contained in your
credit report, or the existence and size of your savings and
After getting your answers, the pretexter may call your
financial institution pretending to be you or someone with
authorized access to your account. The pretexter may, for
example, claim that he’s forgotten his checkbook and needs
information about his account.
The concept of pretexting has become much more widely known in
the past couple of weeks in conjunction with the boardroom
scandal at Hewlett-Packard. HP has admitted that it hired a
private investigator who was able to get phone records of HP
board members by using a contractor who pretended to be the
board members to obtain the detailed phone logs.
It has been widely reported that the contractor also used
pretexting to get the phone records of nine reporters.
Pretexters often sell the data they’ve collected to “data
brokers,” who may sell it to private investigators, or to
scammers who want to commit identity theft.
Often, once they know which bank or brokerage firm you use
along with your SSN, they can often access your account just by
figuring out your password — which unfortunately is often the
victim’s pet or child’s name.
The concept of pretexting is certainly not new. For example,
in 1992, ComputerWorld magazine reported that scammers used
pretexting to obtain individual data from the Social Security
Administration by calling when the computers were down.
Pretexters are using increasingly sophisticated methods,
including using electronic devices that show false phone
numbers on caller ID systems, and paying companies to make
calls for them to disguise the true origin of the pretexting
In fact, scammers today also use pretexting to get info from
call centers at banks, phone companies, and other financial
institutions to gain access to personal sensitive info.
You might be wondering: isn’t pretexting illegal? There is a
law in the US, the Gramm-Leach-Bliley Act. According to the
Federal Trade Commission, this act makes it illegal for anyone
- “use false, fictitious or fraudulent statements or documents
to get customer information from a financial institution or
directly from a customer of a financial institution.
- “use forged, counterfeit, lost, or stolen documents to get
customer information from a financial institution or directly
from a customer of a financial institution.
- “ask another person to get someone else’s customer
information using false, fictitious or fraudulent statements or
using false, fictitious or fraudulent documents or forged,
counterfeit, lost, or stolen documents.”
In addition, the Federal Trade Commission Act also basically
prohibits pretexting for sensitive consumer information.
Unfortunately though, the boundaries of these laws are
ambiguous. Although the Gramm-Leach-Bliley Act is limited to
financial data, it’s unclear whether it also applies to
pretexters who obtain non-financial data. Further, some
pretexters claim that if the info isn’t used illegally, then
the law does not apply.
Although there may be legal questions, there is no dispute
about how easy it is to obtain sensitive personal financial and
How is pretexting related to identity theft? Pretexters can
either use the information themselves or sell your info to
scammers who then open new accounts, order products, borrow
money, etc. For example, they may open new bank accounts,
order a new cell phone, obtain a new credit card, or get a loan
in your name.
Six Recommendations to Protect Yourself from Pretexting
Don’t give out your personal information on the phone, via
email or snail mail unless you’ve initiated the contact or
unless you’re sure it’s safe. Pretexters are especially
interested in information such as your SSN, mother’s maiden
name, pet or child’s name, bank, brokerage and credit card
account numbers, and phone company.
Never use your pet’s name (or children’s name) as a
Ask your financial companies about their policies for
Be VERY careful if you answer surveys — and certainly don’t
give out any personal information to anyone who calls on the
phone or asks via email. If you do answer survey questions,
use common sense and don’t give out any information that could
be sold or used by pretexters.
Tell your family and friends about the dangers of
pretexting. You may want to share this ScamBusters issue on
pretexting with them.
Finally, follow all the other advice we’ve shared with you
on identity theft. You can find out more about
identity theft here.
What’s New With Identity Theft? New Standards.
Last week, the American National Standards Institute, along
with AT&T, the Better Business Bureau, Citi, ChoicePoint, Dell,
Intersections Inc., Microsoft, Staples Inc., TransUnion and
Visa U.S.A. teamed up to create the Identity Theft Prevention
and Identity Management Standards Panel (IDSP).
The IDSP is a resource where organizations can get standards
and guidelines to help them prevent and respond to identity theft.
The IDSP has two main functions:
1) “it will endeavor to
identify and catalogue in one place any existing,
broadly-applicable identity theft and fraud prevention
standards and guidelines;” and
2) “it will identify areas where
updated or new standards are needed.”
It is certainly a step forward that this kind of resource has
been created. The downside is that they estimate it will take
12 to 18 months to have their own set of requirements and best
practices available. For more info, visit
That’s all for today — we’ll see you next week.