Hello, 6tringer-ga!
Identity theft is becoming increasingly rampant as thieves discover
new methods to obtain personal data which they can pass on as their
own. While it is highly unlikely that you will ever find out "who"
stole your identity or exactly "how", it is certainly wise to become
enlightened about ways to protect your personal identifying
information. After reading through the following articles, you might
want to analyze your activities both on and offline to see if any
alarms bells sound.
In any case, I recommend that you don't isolate your suspicions to
the internet. The theft of personal information is still obtained
primarily through offline methods as opposed to online intrusion. In
this day and age, when so much of our personal data is floating
around, it is prudent to make every attempt to protect uninvited
access to personal information.
Because identity theft has hit several of my acquaintances, I have
become a stickler for protection, both on and offline. I have taken to
shredding every paper document that contains ANY snippet of personal
information before it goes in the trash, simply because I realize how
easy it has become for identity thieves to sift through garbage to
find data which might help them to open fake credit card accounts
under false pretenses. I have even become wary of using my credit card
in restaurants because some recent incidents have exposed employees
who walk away with a credit card and spend a few moments writing down
the number before posting payment and handing it back. Before the
customer returns home, the individual can log on to the internet and
purchase a thousand dollars worth of merchandise without having to
show their face or provide a signature!
==
Since you suspect that your information might have actually been
stolen online, you might want to take a moment to think about the ways
you use your computer. Do you use personal security software? Do you
utilize an unprotected wireless connection? Have you made a practice
of storing your personal information and credit card number on sites
you visit regularly? Do you provide your password each time you access
sensitive financial sites, or do you save it online? What about using
an office computer to make personal purchases or bank transactions? Is
it possible you have a less than trustworthy roommate or friend who
has access to your computer? Have you recently left your wallet in a
place (the gym or library, perhaps) where a casual look inside might
allow quick access to your driver's license with a social security
number and birth date, or a quick peak at your credit card number?
("A smart thief armed with only a stolen name and Social Security
number could easily open dozens of credit accounts--online and
anonymously, with no face-to-face verification required--and put their
unsuspecting victim potentially thousands of dollars in debt within an
hour or two. Lots of identity thieves get the information they need
the old-fashioned way, sorting through a trash bin or jotting down a
credit card number at a store. But many others use technology--hacking
into a company's personnel files or visiting a Web site that sells
Social Security numbers or other personal information.")
http://pcworld.about.com/magazine/2010p043id103742.htm
===
Have you ever used a public computer in a library or hotel to purchase
tickets or merchandise, and then walked away without closing the
browser? If so, all the next individual has to do is hit the back
button to view your credit card information. I experienced this
situation on a hotel computer a few months ago when I clicked back to
an airline ticket purchase. The previous user's name, address and
credit card number were clearly visible. I have often walked up to
public computers and virtually stepped right into another's personal
email account before they forgot to close the browser before stepping
away. Had I chosen to, I could have read any number of personal emails
(which might have contained bank account information, etc.)
==
While the internet is supposed to be secure, the truth is, it is not.
Just think back to last year, when several high profile firms,
including Lexis Nexis and ChoicePoint were embarrassed to find that
personal information files had inadvertently landed in the hands of
fraudulent characters who stole the credit card and social security
numbers of thousands of customers. The following report outlines the
incident, but also points out that the internet is not the primary
source of identity theft.
From "Identity Theft: The Internet Connection," by Marcia S. Smith.
Specialist in Aerospace and Telecommunications Policy. Resources,
Science, and Industry Division. March 16, 2005.
http://www.usembassy.it/pdf/other/RS22082.pdf
Summary
"Concern is growing about identity theft - where one person assumes
the identity of another by stealing personally identifiable
information (PII), such as credit card or Social Security numbers.
High profile incidents disclosed in early 2005 involving ChoicePoint,
Bank of America, and LexisNexis, where the PII of more than a million
Americans may have been compromised, have refocused congressional
attention on this issue. Many associate the rise in identity theft
cases with the Internet, but surveys
indicate that comparatively few victims cite the Internet as the
source of their stolen PII."
"Still, the Internet may play a role, particularly through a practice
known as "phishing."
Excerpt from main text:
"Identity theft can be separated into "low-tech" crimes by thieves who
acquire PII through traditional means such as lost or stolen wallets
or "dumpster diving," and "high-tech" crimes by thieves who compromise
computer databases or use the Internet. A survey released in January
2005 (discussed below) found that computer crime accounted for 11.6%
of identity theft cases in 2004, compared with 68% from paper
sources."
"Computer crimes do not necessarily involve the Internet; they may be
caused by data security or computer security lapses (such as insider
theft). Still, the Internet can be used to acquire an individual?s
PII, particularly through a practice known as "phishing." The Internet
also could enable hackers to access computer databases if the
databases are connected to the Internet. Also, PII may be
inadvertently placed on the Internet through human error. The
networked nature of the Internet age, coupled with steadily increasing
computer power, not only allows the linking of enormous databases to facilitate
information access, but also makes that information more vulnerable to
misuse. The ease, speed, and relative anonymity of online transactions
may further exacerbate harm to the consumer when identity theft
occurs."
Tips on avoiding Internet Identity Theft:
* "Do not give out personal information over the Internet unless you
have initiated the contact or are certain you know who you are dealing
with;
* "If you store PII such as Social Security Numbers (SSNs), financial
records, tax returns, birth dates, or bank account numbers on your
computer:
- Use virus protection software and update it regularly;
- Do not open files sent to you by strangers or click on hyperlinks or
download programs from people you do not know, and be careful about using
file-sharing programs;
- Use a firewall program;
- Use a secure browser (software that encrypts information you send over the
Internet);
- Try not to store financial information on your laptop;
- Delete all personal information on a computer before disposing of it; and
- Look for website privacy policies, and if you do not see one, or cannot
understand it, consider doing business elsewhere.
(Read entire article)
==
Be aware of Phishing scams:
From "Phishing" Fraud: How to Avoid Getting Fried by Phony
Phishermen." U.S. Securities and Exchange Commission.
http://www.sec.gov/investor/pubs/phishing.htm
"Phishing" involves the use of fraudulent emails and copy-cat websites
to trick you into revealing valuable personal information - such as
account numbers for banking, securities, mortgage, or credit accounts,
your social security numbers, and the login IDs and passwords you use
when accessing online financial services providers. The fraudsters who
collect this information then use it to steal your money or your
identity or both."
"When fraudsters go on "phishing" expeditions, they lure their targets
into a false sense of security by hijacking the familiar, trusted
logos of established, legitimate companies. A typical phishing scam
starts with a fraudster sending out millions of emails that appear to
come from a high-profile financial services provider or a respected
Internet auction house."
"The email will usually ask you to provide valuable information about
yourself or to "verify" information that you previously provided when
you established your online account. To maximize the chances that a
recipient will respond, the fraudster might employ any or all of the
following tactics:
Read on.......
(For example - not so long ago I received a very official-looking
email from "Paypal" asking me to click on a link and provide my
account information for verification. The lure was an urgent message
stating that someone else appeared to have been using my account.
Needless to say, I did not click on the link and I called Paypal to
verify that they had not sent me an email of this sort! Has anything
like this ever happened to you, and did you respond with your
information?)
==
Wireless Vulnerability:
Wireless access has prompted many users to be especially cautious
since identity thieves have been known to prowl neighborhoods for
unsecured systems.
From "Wireless Networks Can Lead To Identity Theft." WMUR March 2005
http://www.wmur.com/technology/4243276/detail.html
"Wireless computer networks are convenient and powerful, but security
experts warn they may be an open invitation to your personal data.
More households are installing wireless networks to share Internet
connections among multiple computers. It's as easy as sliding in a
wireless card and attaching a cable or DSL connection to a router.
"But that ease of use also makes it easy for thieves to steal personal
data. With the help of computer expert Erik Crago, News 9 took a trip
through a local neighborhood to find wireless data reaching outside
the walls of homes. "All of sudden, we have one, two, three, four,
five wireless networks," Crago said. "With just a laptop computer of
his own, Crago was able to find unsecured systems from a car driving
through the neighborhood. It's a practice called war-driving, in which
thieves scan for wireless networks in populated areas.
"We could probably get right in and change anything we wanted to," Crago said.
"Many users of wireless networks don't realize that the signal can
travel 300 feet or more. Some hackers use simple devices to extend the
range of their own laptops, making it even harder to know when someone
is trying to gain access to the wireless network. Although businesses
usually set up proper wireless security, many home users don't.
Manuals provided with networking equipment include several steps to
increase security, but many don't take the extra step.
The danger of someone getting on a wireless network unauthorized is
not limited to simply sending e-mails on someone else's dime. A
war-driver can also get access to personal information.
The war-drivers you look out for, they are going to look for these
open access points," said Gerard Goubert, of the University of New
Hampshire Interoperability Lab. Goubert said that a thief that gains
access to a wireless network could steal credit card numbers,
passwords, usernames and online banking information.
"If you happen to send through e-mail a password, he could read that
right out of the air," Goubert said
(Read further to find out how to protect your computer.....)
==
I mentioned earlier that the internet may not be the actual
originating source of your stolen personal identifying information.
Take a look at some excerpts from the following article:
"Ten Tips to Prevent Identity Theft," by Tony Bradley
http://netsecurity.about.com/od/newsandeditorial1/a/aaidenttheft.htm
"Most identity theft or compromises of PII, including a couple of the
major breaches mentioned above, have nothing to do with the Internet
or lax computer or network security. Unpatched operating system
vulnerabilities or hacking wizardy are involved in a relatively small
number of the total cases.......Information can be pulled from your
trash can. Waiters can swipe or simply write down your credit card
number when you make a purchase at a restaurant."
1. "Watch for shoulder-surfers. When entering a PIN number or a credit
card number in an ATM machine, at a phone booth, or even on a computer
at work, be aware of who is nearby and make sure nobody is peering
over your shoulder to make a note of the keys you?re pressing."
2. Require photo ID verification. Rather than signing the backs of
your credit cards, you can write "See Photo ID"....
3. "Shred everything. One of the ways that would-be identity thieves
acquire information is through "dumpster-diving", aka
trash-picking....
4. "Destroy digital data. When you sell, trade or otherwise dispose of
a computer system, or a hard drive, or even a recordable CD, DVD or
backup tape, you need to take extra steps to ensure the data is
completely, utterly and irrevocably destroyed. Simply deleting the
data or reformatting the hard drive is nowhere near enough...
5. "Be diligent about checking statements. This actually has two
benefits. First, if you are diligent about checking your bank and
credit statements each month, you will be aware if one of them doesn?t
arrive and that can alert you that perhaps someone stole it from your
mailbox or while it was in transit.
6. "Pay your bills at the post office. Never leave your paid bills in
your mailbox to be sent out. A thief who raids your mailbox would be
able to acquire a slew of critical information in one envelope- your
name, address, credit account number, your bank information including
the routing number and account number from the bottom of the check,
and a copy of your signature from your check for forgery purposes just
for starters.
7. "Limit the information on your checks. It may be convenient to have
your drivers license number or social security number imprinted on
your personal checks to save some time when you write one, but if it
falls into the wrong hands it reveals too much information....
8. Analyze your credit report annually....
9. Protect your Social Security number...
10. "Caveat Emptor. I will offer my apologies in advance, and I mean
no offense to smaller businesses just building themselves up or
getting established, but I recommend you not do business online with
companies you don?t know anything about....
==
A few more tips from "Don't be a Victim of Identity Theft."
http://retireplan.about.com/cs/fraudprevention/a/identity_theft.htm
* Don't give your credit card numbers to strangers (obviously)
* Don't give personal information over the phone unless you initiated the call
* Use a name other than you mother's maiden name as security on your credit
card accounts
==
Some excellent security advice can be found in the following article:
"Safe Personal Computing."
http://www.schneier.com/blog/archives/2004/12/safe_personal_c.html
General: Turn off the computer when you're not using it, especially if
you have an "always on" Internet connection.
Laptop security: Keep your laptop with you at all times when not at
home; treat it as you would a wallet or purse. Regularly purge
unneeded data files from your laptop. The same goes for PDAs.
Backups: Back up regularly. Back up to disk, tape or CD-ROM. There's a
lot you can't defend against; a recent backup will at least let you
recover from an attack
If you must use Windows, set up Automatic Update so that you
automatically receive security patches.
Applications: Limit the number of applications on your machine. If you
don't need it, don't install it. If you no longer need it, uninstall
it
Limit use of cookies and applets to those few sites that provide
services you need. Set your browser to regularly delete cookies. Don't
assume a Web site is what it claims to be, unless you've typed in the
URL yourself.
Web sites: Secure Sockets Layer (SSL) encryption does not provide any
assurance that the vendor is trustworthy or that its database of
customer information is secure.
Think before you do business with a Web site. Limit the financial and
personal data you send to Web sites--don't give out information unless
you see a value to you.
Passwords: You can't memorize good enough passwords any more, so don't
bother. For high-security Web sites such as banks, create long random
passwords and write them down. Guard them as you would your cash:
i.e., store them in your wallet, etc.
Never reuse a password for something you care about. (It's fine to
have a single password for low-security sites, such as for newspaper
archive access.) Assume that all PINs can be easily broken and plan
accordingly.
Never type a password you care about, such as for a bank account, into
a non-SSL encrypted page. If your bank makes it possible to do that,
complain to them. When they tell you that it is OK, don't believe
them; they're wrong.
E-mail : Turn off HTML e-mail. Don't automatically assume that any
e-mail is from the "From" address.
Delete spam without reading it. Don't open messages with file
attachments, unless you know what they contain; immediately delete
them. Don't open cartoons, videos and similar "good for a laugh" files
forwarded by your well-meaning friends; again, immediately delete
them.
Never click links in e-mail unless you're sure about the e-mail; copy
and paste the link into your browser instead.
Antivirus and anti-spyware software : Use it--either a combined
program or two separate programs. Download and install the updates, at
least weekly and whenever you read about a new virus in the news. Some
antivirus products automatically check for updates. Enable that
feature and set it to "daily."
Firewall : Spend $50 for a Network Address Translator firewall device;
it's likely to be good enough in default mode. On your laptop, use
personal firewall software. If you can, hide your IP address. There's
no reason to allow any incoming connections from anybody.
Encryption: Install an e-mail and file encryptor (like PGP).
Encrypting all your e-mail or your entire hard drive is unrealistic,
but some mail is too sensitive to send in the clear. Similarly, some
files on your hard drive are too sensitive to leave unencrypted."
(Read further...)
==
Also see "Information For Consumers - Protecting Your Identity In the
Virtual World." Better Business Bureau Online.
http://www.bbbonline.org/idtheft/virtual.asp
==
Finally - while we all like to blame technology, human error is often
the underlying cause of security leaks:
From "Blaming Technology For Human Error," by Tony Bradley
http://netsecurity.about.com/od/newsandeditorial1/a/aatechbandaid.htm
"It seems like there is always finger-pointing at technology as the
crux of various security problems. On the other side of the coin are
those who look to technology as the ultimate protector and savior of
security and constantly strive to create a tool that will block,
detect, filter or otherwise eradicate all of these concerns. But,
unless we evolve to some futuristic world like you find in the
Terminator or Matrix movies, none of those solutions can fix the
single weakest link in the security chain, human beings."
* "It is certainly possible to create technology bandaids that try to
protect us from ourselves, but as long as people are willing to share
sensitive, personal information with strangers just because there may
be a chance they could win theater tickets, the general state of
security will continue pretty much as it is. A little education and an
ounce of common sense will go much farther than snappiest of new
whiz-bang security technologies could ever dream of."
===
I hope I have provided you with some food for thought and possible
clues about how your personal information might have been obtained.
While you can't go back and regain what has been lost, you can
certainly learn from this unfortunate experience and protect yourself
in the future. Wishing you all the best!
Sincerely,
umiat
Search Strategy
identity theft
online identity theft
wireless laptop security and identity theft
wireless internet and identity theft
stealing personal information |
