Identity Theft Protection

Identity theft protection is not about installing the latest thumb-print reader or having an iris-scan login for your bank account. It’s about being aware of the main ways criminals can steal your identity online.

Pure social engineering Social engineering is just a fancy phrase for a con trick, a hustle, a scam. It takes advantage of everyone’s naivety and/or greed. If someone knocks at your door and asks for personal information in exchange for a free sample of something you never knew you wanted, or you hold the door open for someone at work who claims to be maintenance staff but has no badge, you’ve been socially engineered. Online social engineering is used in conjunction with computer and networking technologies.

Phishing Phishing is probably the most common identity theft method, it involves persuading you to enter personal data, such as bank passwords into a form that sends the data straight to the criminals. Phishing is usually done via a disguised email claiming to be from your bank or other service, but the method is spreading to social media sites like Facebook and Twitter. Fundamentally, you should never click a link in an email and never login via links you click on any site – always enter the address manually or from your local bookmarks (caveat below)

You can also be phished if someone hacks the local hosts file on your computer that converts web addresses into the numeric IP address actually used by the computer to connect to a remote site. You might also get phished if your domain name server (DNS) is compromised. The DNS is the remote (internet service provider, ISP, level) version of everyone’s local hosts file. Proxy servers can also be compromised. Be cautious about using any proxy address not provided by your ISP or organization, especially those that claim to let you access forbidden resources!

Password cracking There are two main types of password cracking attacks: brute force and dictionary attacks. If you use a weak password for your logins, sooner or later a criminal will attempt to find the password through one of these methods. However, if your PC has been compromised with a keylogger or a Trojan they won’t need to bother as criminal will be able to read your passwords every time you login to every site.

ID theft protection Basic advice. Don’t get conned! If it seems suspicious or sounds too good to be true, 99 times out of 100 it will be a scam. Use a strong browser (such as Firefox) and an email program such as Thunderbird with inbuilt phishing protection. Keep your anti malware software up to date (AVG free for viruses, AdAware Personal for spyware), make sure you have a Firewall (ZoneAlarm free) running to prevent Trojans from sending information out, and use a good router with a hardware firewall to stop incoming attacks.

Background information courtesy of Jungwoo Ryoo. You can read about how his team is working to tighten security on e-gov web sites in this post.