Recently, I was a victim of identity theft. I’ve been marketing Internet security solutions for 10 years, but now I know firsthand what it feels like to have your identity stolen. I’ve learned some new ways to protect myself that I’d like to share.
Identity theft can be split into two categories. The first is when an existing account is accessed by an unauthorized user and the other is when new accounts are opened using stolen personal information. Here are some of the leading methods criminals use to steal this information and some tips on how to keep safe:
Phishing uses various scams to get you to provide your personal information. Criminals use different ploys such as scare tactics (your account will be closed), free gifts, or pleas from someone needing help. They can appear to come from legitimate businesses or even from people you know.
A good spam filter will block most phishing emails and mobile security can block these threats on your mobile devices. But these threats can also occur through the mail or over the phone. If a request for personal information appears to come from a legitimate company, contact the company directly (using contact information from a reliable source, not the suspect email, mail, or call) to see if the request is valid. And if an offer seems too good to be true, it probably is—especially if you’re winning something from a contest you didn’t even enter.
You should question anytime you’re asked to provide personal information. As a security best practice, most companies avoid using email to request personal information. But if you feel the request might be legitimate, follow up with the company first. The best test is the gut test—does it make sense for you to provide personal information in this context? If the answer is no, then don’t. Want to know more about the nitty gritty of phishing? Check out this paper on the Anatomy of a Phishing Email.
Keylogging Trojans and other malicious spyware
Keylogging Trojans are malware that once downloaded onto your personal computer can record your key strokes and send this information back to the criminal. They can be programmed to only record and report keystrokes when you enter certain sites, for example, bank websites. There are also other types of malicious spyware that gain access to personal information unbeknownst to the user.
The best defense against these threats is effective Internet security that protects both your email and web usage. As a rule of thumb for user best practices—if you’re not expecting a link or attachment, don’t open it. Even if the email is from someone you know or a company with which you do business, double check with the sender before you open something that you weren’t expecting.
This is a method of stealing credit card information during a legitimate transaction. It can be as simple as a criminal copying credit card receipts or it can be very high tech with devices that connect to legitimate card slots or keypads. Skimming can happen with many different types of businesses, but is particularly prevalent in situations where consumers hand over their card to a third party to run the transaction.
Skimming is difficult for consumers to protect against. When possible, you may want to rely more on your credit card than a debit card. You can dispute a fraudulent charge with a credit card agency. They will investigate the claim, usually refunding your money during the investigation. Although many banks now quickly refund fraudulent withdrawals, there is additional peace of mind when there is a buffer between a fraudulent action and your bank account.
Corporate data breach
Many of the companies you do business with have your personal information. Of course, this includes banks and credit card companies, but also any company that receives automated payments has your account information. And odds are your utilities, phone company, cable provider, mortgage company, and others have enough personal information on you, that if accessed by criminals, would allow them to open new accounts.
You are relying on these companies to protect your information. You might want to inquire about their security practices. Do they encrypt their customer records? What other protections do they have in place to protect against data breach? What are their policies if their data is hacked?
Low-tech data theft
Of course, the Internet is not the only way that personal information can be stolen. Your mail can contain personal information and opportunities like balance transfer checks. When disposing of this information, you should shred the contents.
You should also keep your personal information somewhere secure and perhaps spread across a couple of different locations to avoid access through burglary. And I would recommend carrying only your essential personal information with you to limit what can be stolen through robbery.
I’m proud to work for a company that helps combat cybercrime, and many of the recommendations here will help to keep you safe. But no matter how many precautions people take, some will still become the victims of identity theft. Part 2 of this series covers how to minimize the damage.
I work for Trend Micro and opinions expressed here are my own.