Identity Theft Prevention

Security and Identity Theft Prevention

With 1 in 6 of us impacted by identity theft so far and effects that can last 7 years, is it time for a security tune up for you or your family’s personal computer?
The L.A. Times states that 1 in 6 of us have now experienced some kind of identity theft and experts say it will take you months to make the contacts and fill out the forms and follow up on the process it will take to correct an identity theft problem. Since these events can impact your credit score, the impact can easily effect you for up to seven years. It is definitely a time of rising identity theft risk from a world of unsavory characters. Unsophisticated hackers have available to them expanding tools to enter your home computers and tap information. We will discuss some of the big risks and current solutions here.

An Evolving Threat: As ways to access and take data from your PC evolve, so do the solutions to security protection. For example, it wasn’t too long ago that many heard and believed that an anti-virus program that included a firewall would protect your systems from identity theft threats. Now we know that as of this writing, that is just not true. Today, the required home PC security steps include use of these programs and more:

1. Do not open e-mail attachments or download programs unless you are certain of the source and content. This is step one; numero uno; your easiest line of defense. What you see is often much less than what you get. And what you get may be a total invasion of privacy and risk of identity theft. In addition to identity theft, some of these programs can actually use your address list to distribute bulk mail under your name, change the URL address of update programs redirecting them instead to look alike clone sites and cause other damage. Just don’t open bulk e-mail or forwarded e-mail to reduce this risk.

2. Do use your browser or IP service providers programs to prevent bulk mail, spam and pop-ups. Then delete the bulk mail without opening it. Hackers use these mass distribution options sending e-mail to millions if only to reach a few. Do not be one of the few.

3. Do have a firewall and use the features. Once a virus has struck, the firewall adds a possible second line of defense preventing some if not all from communicating with others on the net.

4. Do have an anti-virus program.

5. Do have Ad-ware protection programs. These programs such as Ad-aware, use an evolving data base of Data Miner program tags to find those already downloaded to your system. It is not unusual to find 2 or more data miners on your PC after surfing the net.

6. Do have Spy-ware protection programs. A current detection program is Spy Sweeper by Webroot. Spy ware also attempts to steel passwords and other personal information for use by the bad guys. Versions of spy-ware are actually sold to the public for use by spouses and parents to track sites visited by spouses and children. It is generally available in some forms. And more sophisticated and less detectable in other forms.

7. Do have update service for these and other protection programs or realizes that you are not protected from the most recent attack vehicles.

8. Do erase temporary files and cookies often and especially after visiting unfamiliar sites or opening e-mail attachments.

9. Do not offer personal information on the net unless you are certain that the site is who it says it is and transmissions are secure (encoded).

Even then, data security, even for larger companies has been found wanting. For example: Companies assign you a transaction identification number that allows retrieval of your personal information as part of a transaction. Some use sequential numbers rather than random alpha and number characters and few digits. This has allowed very unsophisticated individuals to simply add one, two, three, etc. to their I.D. number and basically steel the identity information at will.

10. Do not type your social security number at all. One prominent Brokerage House actually required it’s customers to use their social security number as their User I.D. for IRA and other account on-line access. These User I.D.s are still in use by this Brokerage house, but can now be changed if requested. Customers have not been advised of this risk.

Why is it a risk? It has been confirmed that the encryption process used to protect that User I.D. does not occur until the I.D. is transmitted. With Key Logger programs, every key stroke you make can be logged and provided to the bad guys. So lets say someone just tracks 9 digit numbers typed before passwords or uses similar logic to track and test these numbers. You can see the risk. It is huge and it is now.

Understanding the attackers:

Data Miners: Data mining programs can use “cookies” to assign a code to your computer when you open a file or open an e-mail attachment. These cookies remain stored and active in your so called “temporary file folders”. Unless you erase them, they track sites you visit and some gather personal and other typed information as well. Some reputable companies use these cookies for purposes such as directing you to most likely desirable pages or products based upon an accumulation of your previous behavior.

Key Loggers: Key loggers actually track and record your keystrokes which can then be transmitted to a collection site for analysis of content such as passwords, user I.D.s, social security number candidates, etc.

Pop-Up ads: Pop up adds can contain cookies or other programming language not visible to the eye, but as real.

Virus and Worm threats: These packets of programming language can infect or invade your computer programs. Over time, some can actually open back door options allowing additional programming language to invade and effect your software. Examples of these programs have been know to overload networks with bogus mail, re-route data and destination sites for update programs, allow use of your computer by others and even permanently disable the computer.

Back Door Access (more to come): Establishing an internet gateway into your PC for adding even more un-solicited programs, updates and data transmission.

E-mail scams: The current news headlines discuss “Phishing”, an unsolicited e-mail request from what appears to be a qualified government agency or company requesting that you update or verify your personal information. Other scams simply try to hook you with unbelievable opportunities to make money by doing simple things with large sums of money. Whether the Con is attempting to steel your identity or your cash, your first line of defense is do not open the e-mail. The second line of defense is do not provide any information. If you are really concerned and feel you should act to cooperate, do it by phone using a third secured source for the phone number such as past bills or contact information on the back of credit cards, etc.

The bottom line is there is protective and discovery software available and there are daily precautions you can take. If you would like support in acquiring this software, update procedures or information and research to resolve other security issues contact Newww-way Consulting.