IDENTITY THEFT REDUX

28. April 2009, 17:35 | by WD Milner | Full Article |

About two years ago I did a little piece on identity theft. After a conversation with a friend about lost credit cards, I thought it worth revisiting.

Identity thieves are constantly on the lookout for personal information that can be used to their advantage, be it monetarily through fraud, or as a smokescreen by commiting other crimes using the victim’s identity. The best way to minimize the chances of becoming a victim of identity theft is to strictly limit access to your personal information - something often easier said than done in this age of information.

The following are some common methods used to commit identity theft and some recommendations on how to mitigate them.

One of the oldest methods is known as Shoulder Surfing. The thief simply watches from a viewable distance when you use Automated Banking Machines, Point of Sale terminals, public computers or when you use your laptop, smartphone or other devices in public places. User names, passwords and PIN’s can be stolen by this method. Fortunately, this is easy to mitigate. Always be aware of those around you when entering confidential information on a device. This includes those several feet away or in booths or tables within line of sight. You should get in the habit of using your hand(s) and body to shield keypads when entering PIN's, passwords or other information, even if there is no one around. You will then be less likely to forget when there are people in the area.

Another tried and true method of obtaining personal information is dumpster diving, where papers, receipts, invoices, financial statements and other documents containing personal and other information are retrieved from accessible trash bins and containers. This form of attack can be avoided by using a paper shredder, preferably a cross-cut model, to destroy all sensitive and confidential materials that are no longer needed before placing in the trash. If needed, models are also available that will handle credit cards, floppy disks, CD’s and DVD’s.

Similar to dumpster diving in simple mail theft. In ths case the identy thief simply steals financial looking mail from a mailbox, or manages to redirect it to an address of their choosing. Surveillance if available can help but always know when credit ards are due for renewal, and the dates that statements, bills and invoices are due to arrive. If they are significantly late, notify the issuer.

Of recent years a popular tactic of the identity thief has been phishing. This involves sending unsolicited e-mail (spam) containing links to fraudulent websites that mimic legitimate business and banking sites. The idea of course is to trick the user into revealing usernames, passwords, account numbers, PIN’s or even Social Insurance/Security Numbers. These e-mails are seldom personalized being more generally addressed to “account holder”, “valued customer”, etc. They also are generally of a message that either offers some reward or contest prize, or raises urgent concerns over account security or suspension.

Avoiding phishing schemes is also very simple. Virtually no financial institution will use unsolicited e-mail to request account information (if yours actually does, then I'd change institutions). Do not reply to such e-mails, and do not click on links they contain requesting you to verify account details. It is also a good idea to forward such e-mails to the security section of your financial institution. Many have a department set up to handle such fraud attempts and have the resources to track down the perpetrators.

Vishing is closely related to phishing except that it is done by telephone. Again, the intent is to trick you into disclosing account and password information. Sometimes the two are combined in an e-mail that requests you to call a number. DO NOT DO IT. Even if it is not a vishing scheme you could end up paying for a call to a fee based number, or if on an insecure PBX or VOIP system risk having it compromised. If in doubt, politely hang up and call your bank back at a known legitimate number. If it actually was your bank, they will not be upset and would prefer their customers be cautious than not.

An increasingly dangerous technique used by identity thieves is that of spyware or malware. This is software that is surrepticiously installed on computer systems and designed to collect information unbeknownst to the users. It can be installed by downloading and using unsafe programs, or by visitng websites without taking safety precautions (such as fully patched browsers, operating systems, and wide open scripting permissions), or by direct local install on the system by another person.

Because of the wide range of possible spyware, mitigating the threat is a bit more work. You should install appropriate software designed to combat viruses, trojans anad spyware. (make sure the program manufacturer has some credibility) and a personal firewall. Do not use public computers such as libraries, cafes, etc. for online financial activities. Do not let websites or software programs memorize your account information. The exception to this are programs such as KeePass and Password Safe designed as secure repositories of such information or USB Secure key appliances such as Ironkey.

The last main threat comes from those websites that collect personal information by trying to get visitors to purchase or sign up for fake products or services, or by trying to capture the information from insecure legitimate sites. This risk can be avoided by only shopping at sites known to be trustworthy and reputable. Also look for a URL that begins https and a small lock that appears in your browsers status bar when visitng pages requiring the input of information.

The information age can be a dangerous time but a little foresight, and awareness can go a long way to protecting ourselves as we take advantage of the benefits of such technologies.

- 30 -

Categories: ,
Keywords:

Comments


 



Textile help
 
* Indicates a required field.

As a SPAM prevention measure, comments are moderated and will be posted once vetted.

 

Article & Comments


Comments are not enabled for all articles or documents.

Article Navigation
|

Categories

Business
Communications
Electronics
Entertainment
Environment
Government
Internet and WWW
Miscellany
Music and Audio
News
Photography
Privacy
Psychology
Security
Society and Culture
Stage and Screen
Technology
Theology
Tips and Tricks
Web Design
Web Site


The Birches - Milner.ca Support Child Safety Online

 

 
 
 Help to FIGHT spam!
 • 
  •
•••