Open source software security

About Identity Theft

30 November -0001

Identity theft is a common topic in the media and in reality these days. So common in fact that the FTC has set up a website to help highlight the problem and provide details to the public. Identity theft is often closely tied to information security but many people don't understand why. Every time you fill out a form for a credit card, or a customer appreciation club, or even at a doctor's office, you're entering very personal and identifiable information. All that data usually ends up on a computer at some point. If that computer is compromised, then an attacker can steal those details. It is extremely important that you assess personal details that you wish to turn over to a company. For instance, you may be able to ask "do you really need my social security number?" and often times vendors won't actually need the data and won't require you to turn it over.

Identity theft generally starts with three pieces of information: your name, your social security number, and your birth date. Armed with this information criminals can open lines of credit, receive medical care, and basically impersonate you for profit. Armed with a name, social security number and date of birth a thief can gain access to many goods and services pretending to be you, but these aren't the only pieces of information that can be used in identity theft. Account numbers, your address or telephone number, and other information can also lead to identity theft crimes.

There are many ways to protect yourself from identity theft. The easiest way is to not give out information you don't have to. Always question the legitimacy of a request for information. Does Best Buy really need your zip code, your home phone number? Does the chiropractor really need your social security number? And so on.

Be aware that sometimes thieves will try to trick you into revealing information by pretending to be legitimate representatives of a company you deal with. For instance, someone might call you up and say they're from your credit card company and want to talk to you about possible fraud. They then ask you for your account number and your address to verify your account. Many people would fall for this, but think about it, if your card company called you they dialed the number on record and already have your information, why would you need to give it back to them? There are numerous such scams. Any time *anyone* asks you for any information that could be used for identity theft (called PII in the information security business for Personally Identifiable Information) you should be suspicious.

Identity thieves may even take another approach to getting information from you - they may try the old fashioned route of just taking it from you. This might involve outright theft, or it might involve more subtle methods. For instance, a waitress could make an impression of your credit card before swiping it at a restaurant for payment. Someone might go through your garbage looking for old bank statements, credit card statements, or other bills. Always be careful to guard your personal information securely.

You can do many things to help prevent identity theft. Shredding your mail is a simple way to prevent theft of your records from the trash. You should also be wary of discussing any PII in a public place. I've heard people repeat usernames and passwords to help desk people over the phone in crowded places, or even their social security numbers. Be very leery of any e-mails that arrive asking you to confirm your account. Never click on links in those emails. Pull up your web browser and type in the name of the institution that supposedly sent you the email and see if there are any notices on their website when you log in. If not you probably got a phishing email. You should forward the phishing email to the institution so they can help protect other customers.

You should also be extremely wary about buying online. While the internet is often a safe place to purchase things, you need to be on the lookout for scam sites that try to collect your payment information to use in identity theft. Never purchase things from websites that send you unsolicited email (spam). Buying from established online sources is always recommended.

You can also help detect identity theft by requesting a copy of your credit report. Consumer reporting agencies are required to provide you with a free copy of your credit report once every 12 months according to the Fair Credit Reporting Act. You can get a copy of your report by visiting www.annualcreditreport.com, or calling toll-free 877-322-8228. You should also keep a close eye on your other accounts, like your credit card statements and bank accounts.

Credit monitoring services are, in my opinion, a waste of money. You can do pretty much everything they do for free, you just have to remember to do it yourself. Even the unbiased Consumer Reports says credit monitoring services aren't worth it. In fact, even the CEO of LifeLock had his identity stolen and you'd think he has top of the line identity theft protection.

If you find yourself a victim of identity theft you should report it immediately. The FTC has multiple resources for victims of identity theft.