Mike's Safety Belt
~~Mike Baynes, MikesWhatsNews
Identity Theft
ID theft is a growing industry on the internet ***
Do not fall victim to it.
What is ID theft?
It is the use of your personal details/information to create a false
identity.
How does it happen?
In the old days, your identification information would be obtained by
stealing the information; credit card bills, bank statements, or other
personal documents from your mail: using information from lost or stolen
wallets or purses.
- Dumpster diving, searching through the dumpsters, garbage cans and
trash from homes and businesses to obtain data.
- Another popular method used is to assume the identity of a young
person who died. This is known a 'tombstoning'. This is
often done to obtain ID for someone the same age as the thief. There was
one well publicized case in Washington state of a former class mate of a
deceased young man using his ID.
The ID thieves like them because they probably do not have any fingerprints on record or a criminal record. With the new name they can open
bank accounts, apply for credit cards, even apply for social security cards.
With the advent of the internet things became easier for the thieves.
By accessing the web and checking the online profiles information you have
provided to your favorite 'chat' group, they may be able to develop an
identity.
- Did you register with one of the 'Find Your Old Friends' sites?
You may have provided a lot of personal data which could be used.
- Does your email address give your full name, or did you enter an
alias? You do not need to have your full name in your 'name'
of your email program account.
Prevention and Security
- Never provide your log on information and password to anyone.
Use a different log on to different sites, with a mixed character - upper
and lower case with numerals. Use a minimum of 5 characters. Do not use
your or any of your family's names, birth dates, or ages.
- Do not give your mothers maiden name! It is one of the details
required to obtain birth certificates, and is frequently required or
requested by financial institutions.
- Do not use any unsecured sites for credit card transactions.
Make sure that 128bit encryption is in place.
- Do not share your personal data over the phone or via internet without
verification. Be suspicious of calls/email asking for pin numbers or other
identification. If the bank or credit card company needs them, they they
will have them on file.
- Do not use your Social Security number as ID.
- Some documents may provide more information than you intend to
provide. Microsoft Office documents may carry 'metadata', which
could include your name, your company, your computer's network name.
- Be aware of the cycle of your credit card bills, and bank statements.
Missing one may be an indication that something is wrong. It may have been
redirected to the address of the ID thief.
- Keep your Operating System updated, many of the security holes in
Windows have been patched. By downloading and installing the latest
security patches you can help eliminate the vulnerabilities which have
been discovered since the last update.
- If you have used your computer for online banking or purchases, be
aware that the information is still on your hard drive. Be careful
where you take your computer for repair. If you are getting rid of that
old hard drive you may be better off to destroy it to eliminate the chance
of the data on it being retrieved.
- Trojans are another method gathering information or controlling your
computer. They may be sent in email, or hidden in a software program. Be
sure to keep your Anti Virus and Trojan detection software updated.
- Another often overlooked method of obtaining information is 'Spyware'
or 'Adware'; programs which gather data and surfing habits without your
permission and send the data back to their database, which then may be
sold, shared, traded, or exchanged. Be certain to read the 'Privacy'
statement and/or EULA (End User License Agreement) on the web page before
downloading a program to see how they use your information.
In a worst scene scenario it may even be posted to the www for others to
view/use.
- A lot of personal data has been released by companies which have
ceased to do business and their data banks have been made available by
subsequent owners. Think about that while filling in the online forms.
- A Firewall is an effective tool to prevent a Trojan or spyware program
from phoning home. Be sure your Firewall prevents both incoming and
outgoing calls.
- There are several utilities available to remove information from a
hard drive. However there are also sophisticated programs available
to professionals, (unfortunately also to hackers/crackers), and government
which can recover almost anything.
Resources
Welcome to the U.S. government's central website for information about
identity theft.
http://www.consumer.gov/idtheft/
What to Do if It Happens to You
http://www.privacyrights.org/fs/fs17a.htm
New Consumer Assistance Initiative Announced: ID Theft Affidavit
http://www.consumer.gov/idtheft/affidavit.htm
If you are disputing fraudulent debts and accounts opened by an identity
thief, the ID Theft Affidavit now simplifies the process. Instead of
completing different forms, you can use the ID Theft Affidavit to alert
companies where
a new account was opened in your name. The company can then investigate the
fraud and decide the outcome of your claim.
Obtain the PDF file here;
http://www.ftc.gov/bcp/conline/pubs/credit/affidavit.pdf
Identity Theft Resource Center (ITRC)
http://www.idtheftcenter.org/
Electronic Privacy Information Center
http://www.epic.org/privacy/biometrics/testimony_071802.html
Identity Theft and Fraud
http://www.usdoj.gov/criminal/fraud/text/idtheft.html
Safe Internet: Microsoft Privacy and Security Fundamentals
http://www.microsoft.com/privacy/safeinternet/topics/
personal_info.htm
How to Minimize Metadata in Microsoft Office Documents
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q223396
Identity Theft Steals More Than Your Money
http://usps.com/postalinspectors/idtheft.htm
Identity Theft: The Crime of the New Millennium
http://www.usdoj.gov/criminal/cybercrime/usamarch2001_3.htm
How can I protect myself against credit card fraud?
http://www.secretservice.gov/faq.shtml#credit_card_fraud
Microsoft's Really Hidden Files: A New Look At Forensics (v2.6)
http://astalavista.com/library/os/win95-98/mshidden.txt
Securing Windows
http://www.pcnineoneone.com/howto/securingwindows1.html
Security Issues with Decommissioning Magnetic Media ~ very good article
on hard drive cleaning.
http://www.cyberscrub.com/cybercide/index3.html
Hard Drive Cleaning
Eraser ~ free
http://www.tolvanen.com/eraser/
Eraser is a secure data removal tool, which allows you to remove sensitive
data from your hard drive by overwriting it with carefully selected
patterns.
Sure Delete ~ free
http://www.wizard-industries.com/sdel.html
Permanent data removal, beyond the possibility of recovery.
UltraWipe ~ free
http://www.redstrike.com/home
UltraWipe is a software utility designed to routinely erase previous
versions of documents that have been automatically saved (whole and in
fragments) on the computer hard drive.
Ad-aware ~ free
http://www.lavasoft.nu/
Ad-aware is a free multi spyware removal utility that scans your memory,
registry and hard drives for known spyware and scumware components and lets
you remove them safely.
Is it Adware? ...or is it Spyware??
http://www.tom-cat.com/adware.html
Security Issues with Decommissioning Magnetic Media
http://www.cyberscrub.com/cybercide/index3.html
Copyright 2001 CyberScrub LLC
All Rights Reserved
I. Abstract
This document describes practical considerations of taking magnetic media
out of useful service or transferring such media to other departments or
organizations. After raising awareness of the security, business, and legal
concerns, the document evaluates different techniques for the reader to be
able to assess his options. Finally, the cyberCide ™ product is presented as
a cost-effective solution to address these risks.
CyberCide
http://www.cyberscrub.com/cybercide/
Recycle computers / Overwrite, wipe data beyond recovery / Prepare computers
for donation, redistribution / Return leased assets with confidence
Firewalls
This introduction to firewall security covers subjects such as what a
firewall does and how it works, together with the benefits and problems a
firewall can bring.
http://www.vicomsoft.com/knowledge/reference/firewalls1.html
ZoneAlarm ~ free
http://www.zonelabs.com/index.html
Outpost Firewall ~ free
http://www.agnitum.com/download/outpostfree.html
Anti-Trojan programs
"The Cleaner" is free for 30 days and removes most Trojans.
http://www.moosoft.com
"TDS-3" is free for 14 days and removes most Trojans. They also
have some free utilities listed.
http://tds.diamondcs.com.au/
"Tauscan" is free for 30 days and removes most Trojans.
http://www.agnitum.com/
" Anti-Trojan 5" is free for 14 days and removes most Trojans.
http://www.anti-trojan.net/at.asp?l=en
Anti Virus, Firewall and Trojan programs links.
http://www3.telus.net/mikebike/hackfix_program_updates.htm
Mike Baynes is the
editor of
MikesWhatsNews
. To subscribe, send a blank email to
mikeswhatsnews-request@freelists.org?Subject=subscribe
See Mike's Anti-Virus pages ~
http://virusinfo.hackfix.org.
To subscribe, send a blank email to:
virusinfo-request@freelists.org?Subject=subscribe
,
