Identity Theft: It affects us all

What is Identity Theft

Identity theft is the willfull collection of a person or entities' personal information without their knowledge or consent.More precisely, this means that any person, entity or program created that intends on collecting other people or entities information in order to potentially gain profits off that information is committing Identity Theft. This does not mean the "thief" will use the information they collected, but rather that they have stored the information and may use it.

Within as little as six seconds of being connected to the Internet your identity could be compromised or stolen. That's right, six seconds is all it takes for malicious people to have their nasty software (known as malware-bots) automatically seek and attempt to connect to poorly or unprotected computers to infiltrate and steal as much data as they can get their hands on. The malware-bot captures all the data that is sent to and from your computer over the internet.

However, hope is not lost. There are things you can do to protect yourself.

What kinds of information are thieves looking to collect?

Any information that can be used to assume another person or entity's identity; such as:

  • Social Insurance Number or Social Security Number
  • Drivers license
  • Birth Certificate
  • Credit Card information
  • Banking information
    • Financial institution you deal with.
    • Type of accounts you have.
    • Bank card PIN
    • Username and password for online banking

What are some common methods thieves use to obtain Identity data online?

Drive-by Downloads

An infected website injects malware into the user's computer via "Drive-by" or stealth downloads. In essence, what occurs is that the user either clicks a link or types in the website address. As the webpage loads, an automatic download code will be triggered and cause an unwanted download to occur silently in the background. Once the webpage is closed the user will see new desktop shortcuts and will likely receive many popups and fake security alerts that attempt to coerce the user into purchasing additional fake software. One very common type of Drive-by Download is the Trojan codec installation.

Infected Trojan codec installations

An innocent looking website will offer free music and/or videos. The user clicks on one of the items to view it and then they are prompted to install a special codec in order to view the item. In nearly all cases, it is best to close the window and block that website as this is a very common way that Trojan infected Codecs get installed onto the users computer. Moreover, these Trojans then download their buddies onto the user's computer and wreak havoc until the computer crashes or an expert technician removes the threat(s) from the computer.

Email Phishing

Users are tricked into giving out their user name(s) and password(s) through a fake email that says they need to login to their banking, Paypal, Ebay or any other login site, then the link in the email leads to a fake Internet page, meant to grab the user's login information. Email Phishing is a popular topic these days. Malicious people have found cunning ways to deceive others into revealing their personal information, account passwords and other pertinent information that is used to keep the user's data safe. Often times the emails will mostly look legitimate as if the email has come from the user's financial institution, Credit Card company or any other company or program that requires a user to login with a user name and password. The email will contain a fake link that appears to open up the login page for the specified company. The user then unwittingly enters their user name and password, clicks submit and that information is then sent off to the malicious person or entities server. What's more, many of the email phishing scams have been linked back to Russia where the Russian mafia has used this data in a lucrative business that harms many people worldwide.

Infected Downloads

An infected download is any download that has been tampered with or purposely uploaded as malware for the unsuspecting user to download. Most commonly this is seen on peer-to-peer networks where there is no control over what people are uploading to share. Infected downloads are downloads that the user chooses to download, and thus is fully aware they are downloading something. However, the download is often what is known as a Trojan virus. When the program when run, this software releases malware onto the user's computer. The downloaded program may work as a normal appearing program or do nothing when clicked; however, behind the scene it is harming the user's computer and working to steal the user's data and personally identifiable information.

Website hijacking

The user attempts to go to a webpage they regularly use, but then are redirected to another website. The most common website hijacker sets up a fake webpage that looks the same as the original websites login screen. The user then enters in their login and password information, and clicks submit. The login and password information is then sent to the hijackers' server and the user is then told the login/password information is incorrect, please enter the information again. However, the second time they enter their information they are on the original website, unaware that their information has been stolen and are able to login as if nothing happened at all.

Some signs of a hijacked website:

  • Poor grammar and noticeable spelling mistakes.
  • The website address bar does not show the padlock symbol, thus the webpage is not encrypted.
  • The colors of formatting on the webpage are different from normal.

What does a thief do with the information that they collect?

There are many things that a thief can do with the information that they steal; including:

  • apply for credit cards, loans or open a bank account in the victims name.
  • use the victims credit cards and bank accounts to make fraudulent purchases.
  • purchase illegal or questionable items or weapons in the victims name which are later traced back to the victim.
  • build up lists of personal information from many victims that are later sold to the highest bidder on the black market; so it is possible the information will not be used right away when it is taken.

Three Common Myths about Security

If I don't use the Internet I am safe from Identity Theft.

Unfortunately, many people believe this myth. But, the truth is that those who regularly make use of the internet to check their accounts suffer less financial loss from Identity Theft, then their offline friends who wait for the monthly bank statement in the mail. As stated by Randy Paige, "use the Internet to your advantage -- keep track of your accounts and credit cards online and check your credit reports regularly" (http://cbs2.com/consumer/local_story_051193855.html). Moreover, thieves are just as likely to steal a person's mail to obtain their personal information and then later use that information they obtained online.

If I only visit websites I trust, I am safe.

The fact is that many of the infected websites are trustworthy websites that have been hijacked or been injected with code from outside parties. Moreover, one study by Andrew Patrick, showed that the advertisements on many popular websites were the triggers of the infections and not the actual websites themselves (http://www.andrewpatrick.ca/essays/modern-internet-identity-theft).

If I am connected by network cable (aka hard-wired) to the Internet, I am safe from hacking.

The fact is that a poorly or unprotected hard-wired connection is just as at risk of being 'hacked' as a wireless Internet connection. In fact, if there is a laptop or other wireless device connected to your hard-wired connection then a hacker can easily gain access to the unprotected wireless connection through the unprotected wireless device (http://en.wikipedia.org/wiki/Wireless_security).

The Reality of Identity Theft Today

Nearly half of all reported Identity Theft attempts result in a victim! In other words, nearly 50% of all reported Identity Theft attempts made in Canada and the United States result in Identity Theft with a reported financial loss of over $23 million dollars in Canada alone. These statistics do not include those attempts, victims or financial losses suffered by the unreported events (http://www.phonebusters.com/english/documents/Yearlyen0001_000.pdf). Therefore, the consumer must educate themselves on the tactics used by malicious people. We all need to be prepared in advance to thwart the attempts of those that seek to harm us. Would you follow a stranger into a dark alley to see a free video or 'to claim a prize you just won'? Yet, many people will click links that claim to be giving away free videos and prizes of all sorts and many times those links lead to the dark alleys of the Internet.

What's more, if some stranger knocks on your door and states they believe your credit card number has been stolen and that they need to cross reference your card against their list to confirm. Do you hand over your credit card? Yet, many people do exactly that when they receive an email stating that a problem with a credit card or bank account and they blindly click the links and give the malicious person their credit card number and bank account information. These types of emails are called phishing emails, as the sender is "fishing" for your information. Malicious scam-artists make a very lucrative living off those who are gullible and unprepared.

How to Protect against Identity Theft

Identity Theft is no laughing matter, in fact its quite serious. Thus, it is imperative that you take the steps necessary to protect yourself and your family from those that seek to steal your Identity and personal information. Your best first step in protecting your identity is to call the friendly, knowledgeable experts at YourTechOnline.com. The experts can assess your computer's security strengths and weaknesses and then develop a plan of action tailored to your specific needs. Moreover, here is a checklist of tools that should be part of your security arsenal:

  • Be certain of your security. Although no security product can give you 100% protection, you can be 99.9% protected and thus, avoid the "Script kiddies" that only attack poorly protected computers. A great Antivirus is AVG by Grisoft and your best firewall protection is a hardware firewall. A common hardware firewall is also called a router and they can be purchased from nearly any computer hardware store.
  • Use a trusted Antispyware program; such as, Spybot Search and Destroy by Safer Networking Ltd. and Ad-aware SE by Lavasoft.
  • Install Sana SafeConnect a security program that works with your current security suite and is specifically tailored for Identity Theft protection.
  • Regularly check your financial and business accounts. You need to be watching for any inconsistencies rather than waiting for them to be pointed out to you. The best way to do this is to setup online accounts where you can the activity regularly.

What to do if you are the victim of Identity Theft

  • Call your local authorities and inform them of the situation and any information that may help them to apprehend the thief. Call your financial institution, Credit Card Company and any other company that you have a login/password for so they can make a note on your account about the Identity Theft.
  • Call or write the main credit reporting bureaus (for the US: Equifax, Experian, Trans Union - for Canada: Equifax, Trans Union) and notify them to put a flag up on your account to let them know your Identity has been compromised so that no new accounts can be opened in your name.
  • Be prepared and alert, stay one step ahead of those that seek to harm you through your computer. Use the knowledge and tools you gain defensively. Most of all - Be Computer Smart!