Three Ways To Prevent Online Identity Theft

Tuesday 19 September 2006 - Filed under Default

This month, I’ve pulled the topic from many of the questions I received over the past few weeks. Questions like: How do I protect myself online? Should I worry about identity theft? What’s a cookie? Do you want a cookie? These questions(all but that last one) are motivated by the fear of the unknown so I wanted to ease that fear with a little information. I’m going to outline the three most effective ways to protect your identity online.

#1. Don’t fall for phishing scams.

The attacker in a phishing(pronounced fishing) scam wants you to login at a fake website so they can get your password. They get you to that website by sending an email that looks like it came from your bank, eBay, Paypal, etc. The email usually includes some sort of call to action, saying that your account is under seige or that your children are being carried off by some large corporation and the only way to fix it is to login with your *password*.

If you login at the fake website the damage is done. Your login information will be emailed off to the attacker or put in a database for later use. It may not ever be used since a successful phisher will most likely end up with more accounts than they can use. Needless to say, you’d rather they not have that data at all.

So how do you protect yourself from phishing attacks? First, don’t click on any links in email asking you to login. If you must login to a website to check out a potential issue, go to your web browser and type in the website address manually(enter wamu.com or ebay.com for example). Also beware that some phishing attacks reportedly are using phone numbers instead of website links, so if you need to call your bank, use the phone number on your card or bill. It’s all too easy to setup an 800 number with a computer answering system that sounds official.

#2. Know your computers

One way attackers have found to get passwords, credit card numbers, and other sensitive information is through the use of a keylogger. Keyloggers exist in the form of software(as distributed by a virus or spyware) or as an adapter that connects inline with your keyboard. This sounds ok until you realize all the sensitive information you type into that keyboard.

Just knowing that keyloggers exist should make you suspicious of computers in public places or that are infected with a virus or spyware. If a computer is acting strangely(lots of popups or extremely slow), it’s not a great idea to login to your bank account with that machine.

#3. Keep track of data you care about

Since computers are such useful tools, we often fill them with our financial data, plans, and email conversations. As we surf the web, there is also a trail left in the cache and cookies stored on your computer. Before you donate or hand down that old computer, you might want to remove the hard drive(where the data is stored), or have the hard drive erased using a secure hard drive erase utility. One tech I talked to actually takes a pickaxe to his retired hard drives.

Lastly, I’d like to make a note about cookies to answer the cookie question. A cookie is a small file that is saved by your web browser on behalf of a website. This file identifies this web browser when you return to the website later. The benefit of this tool is that the site can remember that you are logged in. If you are concerned about cookies, you can disable them for all but the website you trust. I could write a lot more about cookies but that’s the jist of it.

In summary, the most effective way to protect yourself online is to watch out for phishing scams. Next, develop a healthy suspicion of computers in public places or that display erratic behavior. Third, know where your sensitive data resides and protect that information from untrusted parties. Finally, don’t worry too much about cookies. They are useful tools but if you are concerned you can just enable them for the websites you trust.

2006-09-19  »  David Sterry