Arming Yourself Against Identity Theft
 

Arming Yourself Against Identity Theft

July 2010

Jay Ferron, CEH, CISM, CISSP, CSWP, MCITP, MVP, Security Practice Lead - Global Knowledge

Identity theft is a very fast-growing problem, and you can become a victim if you're not careful. According to Privacy Rights Clearinghouse (http://www.privacyrights.org/), compromised personal information collected during data breaches includes Social Security numbers, account numbers, and driver's license numbers, all of which are useful to identity thieves. Since January 2005, 356,088,361 records containing sensitive personal information have been involved in security breaches in the U.S. This does not include incidents where identity theft was not reported.

What is identity theft? Simply put, it occurs when some else says that he or she is you and uses your credit and identity to commit crimes. The consequences can include ruining your credit or worse. And if your identity is stolen, it can take a long time to fix the issues that it will cause.

How does one become a victim of Identity Theft? Most of the time, people give the thieves the necessary information. For example, have you ever gotten an e-mail that says, "You won a 42-inch TV!" or "You won the lottery!" Have you ever received email from an overseas country stating that someone died and left $300,000,000, and all you need to do to get 69% of the money is..? You might get an e-mail saying "There is an issue with your account, please login with your user name and password. Do yourself a favor; do not answer and put the mail in the deleted folder.

You also can become a victim by downloading malware or spyware. According to Wikipedia, "malware, short for malicious software, is software designed to infiltrate a computer system without the owner's informed consent."

On the Microsoft website (http://www.microsoft.com/security/spyware/whatis.aspx), spyware is defined as "a general term used to identity software that performs certain behaviors, generally without appropriately obtaining your consent first, such as: advertising collecting personal information, or changing the configuration of your computer. Spyware is often associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information."

Malware and spyware can be downloaded to your computer in any number of ways. They can get in through down-loading games or music from the Web, peer-to-peer sharing networks, some screensavers, and some "Free software."

What are the criminals looking for? Information such as Social Security numbers, passwords, your mother's maiden name, your birth date, billing and e-mail addresses, credit card numbers, bank account numbers, and ATM pins. The more information you give them, the easier it is to steal your identity.

Simple steps to prevent becoming a victim

  1. Think security. If you are not sure about something, do not open or install it.
  2. If asked to download a file, and you are not sure what it does, do not download it.
  3. Get an anti-spyware program, keep it updated, and use it.
  4. Do not open e-mails from people you do not know.
  5. Do not open attachments if you are not positive you know what they are.
  6. If an e-mail offers something too good to be true, it probably is a scam.
  7. Use anti-virus software; update it at least once a day or more.
  8. Patch your computer's operating system (all vendors have updates).
  9. Patch you applications (word, games, mail programs, etc.).
  10. Be smart; know what services run on your computer, and what ports are open.
  11. Stay away from peer-to-peer sharing software programs.
  12. Think! Computer Security is about what you do as well as what you don't do.
  13. If your computer has a Trojan or worm, you can try to fix it BUT it probably has more than one Trojan or worm. It's better to rebuild if you want to be truly secure.
  14. Wipe out the hard drive when disposing of computers with utilities such as Active KillDisk (Free) WipeDisk, or BCwipe.
  15. Think before you click.

If You Are a Victim

  1. Contact all of your banking, credit card, mortgage, etc., companies.
  2. Contact the police.
  3. Report it to the Federal Trade Commission.
  4. Prepare an ID Theft Affidavit and Fraudulent Account Statement.

To learn more about identity theft you can go to http://www.ftc.gov/bcp/edu/microsites/idtheft/index.html 

Related Courses

Cyber Security Foundations