Knowledge Base

WIRETAPPING

If you are concerned about covert eavesdropping or wiretapping, then it would be wise to contact InfoAssure Technologies and schedule a "Bug Sweep". However, do not call from a suspect telephone, cellular telephone, or cordless phone; and understand that it is critical that you should get someone out to your location as quietly, and as quickly as possible.

The above three pictures are of a common 25 line terminal or demarcation box which is used by the phone company for many business telephone installations.

Notice how there are no locks or security devices on the box, an eavesdropper can simply walk up to this box and attach a bug or tape recorder in under ten seconds.

This is one of the easiest locations for any eavesdropper to listen to private calls being made. In the case of a residence the box is typically much smaller, but no more secure. This is often called a "demarcation point", and most people are completely oblivious to how vulnerable this box is to eavesdropping.

The above three pictures shows Standard Phone Company Demarcation boxes for Home and Business installations.

All three have been manipulated, bugged, or wiretapped, the first one (far left) has an extra wire which ran to a tape recorder in a near-by apartment.

The one in the middle has a parasitic RF transmitter on it.

The one on the far right has two demarcation boxes (one is legit and the one with the red arrow contains a fairly sophisticated wiretap and RF transmitter).

This is one location on the phone line where a professional eavesdropper likes to install a bug or wiretap. It can be placed in the cabinet, in the "boot", on the cable, or anywhere between the phone company's building, and the targeted person or business.

Notice that this cabinet is also unlocked, which is a common problem. Lack of security at these boxes make them very attractive and tempting targets for both amateur and professional eavesdroppers.

This is one of the more popular places to install a covert transmitter, bug, or wiretap. The cabinet provides access to hundreds of sets of phone lines, and provides a lot of extra space to conceal tape recorders, transmitters, and similar listening devices.

And the lesson here is?

• It is very easy for anyone to access your phone wires
• Even an amateur can easily bug or tap a phone line
• An eavesdropper does not have to get close to the target to tap the line
• People have a serious false sense of security about their phone and related wiring
• Telephone lines are extremely vulnerable to eavesdropping
• It's very difficult to find a bug or wiretap on a phone line
• Detection requires an expert knowledge of telephones and electronics
  

PHISHING

What is phishing?
Phishing is a type of deception designed to steal your identity. In phishing scams, scam artists try to get you to disclose valuable personal data?like credit card numbers, passwords, account data, or other information?by convincing you to provide it under false pretenses. Phishing schemes can be carried out in person or over the phone, and are delivered online through spam e-mail or pop-up windows.

How does phishing work?
A phishing scam sent by e-mail may start with con artists who send millions of e-mail messages that appear to come from popular Web sites or sites that you trust, like your bank or credit card company. The e-mail messages, pop-up windows, and the Web sites they link to appear official enough that they deceive many people into believing that they are legitimate. Unsuspecting people too often respond to these requests for their credit card numbers, passwords, account information, or other personal data.

What does a phishing scam look like?
As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.

To make phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site, but it actually takes you to a phony scam site or possibly a pop-up window that looks exactly like the official site. These copycat sites are also called "spoofed" Web sites. Once you're at one of these spoofed sites, you might unwittingly send personal information to the con artists. They then often use your information to purchase goods, apply for a new credit card, or otherwise steal your identity.

How can I tell if an e-mail message is fraudulent?
Just as in the physical world, con artists will continue to develop new and more sophisticated ways to trick you online.

The following are just a few phrases to watch for if you think an e-mail message is a phishing scam. Don't forget to trust your instincts. If an e-mail message looks suspicious, that probably means that it is.

"Verify your account." Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. Be suspicious of a message that asks for personal information even if the request looks legitimate.

"If you don't respond within 48 hours, your account will be closed." Phishing e-mail may be polite and accommodating in tone, but these messages often convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail may threaten to close or suspend your account or may even say your response is required because your account may have been compromised.

"Dear Valued Customer." Phishing e-mail messages are usually sent out in bulk and do not contain your first or last name. Although, it is possible that con artists have this information. Most legitimate companies (but not all) should address you by first and last name.

"Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site. Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.